Bug #18965
closeddoes not preserve the desired destination url through the login process
Description
Observed on 2.3.3.
This happens when I try to visit a page on the playground (e.g. a collection url) that requires being logged in. Clicking on the URL leads to the login page, and after logging in, I land on the dashboard instead of the destination url.
Updated by Peter Amstutz over 2 years ago
- Target version changed from 2022-04-27 Sprint to 2022-05-11 sprint
Updated by Peter Amstutz over 2 years ago
- Target version changed from 2022-05-11 sprint to 2022-05-25 sprint
Updated by Peter Amstutz over 2 years ago
- Target version changed from 2022-05-25 sprint to 2022-06-08 sprint
Updated by Daniel Kutyła over 2 years ago
- Status changed from New to In Progress
Updated by Peter Amstutz over 2 years ago
- Category set to Workbench2
- Subject changed from [workbench2] does not preserve the desired destination url through the login process to does not preserve the desired destination url through the login process
Updated by Peter Amstutz over 2 years ago
- Status changed from In Progress to Feedback
Updated by Peter Amstutz over 2 years ago
- Target version changed from 2022-06-08 sprint to 2022-06-22 Sprint
Updated by Peter Amstutz over 2 years ago
- Target version changed from 2022-06-22 Sprint to 2022-07-06
Updated by Peter Amstutz over 2 years ago
- Target version changed from 2022-07-06 to 2022-07-20
Updated by Peter Amstutz over 2 years ago
- Assigned To changed from Daniel Kutyła to Stephen Smith
Updated by Tom Clegg over 2 years ago
- Status changed from Feedback to In Progress
The return_to param passed to controller's /login endpoint can have any path and query string. The query string should be constructed with proper escaping using encodeURIComponent (current code uses "https://controller.example/login?...&return_to=https://wb2.example/token"
which is incorrect).
Controller will preserve the query string if present, and append &api_token=xxxxxx
to it when sending the user back to wb2 after login.
https://wb2.example/current_path?current&query&string
...if it's convenient for wb2 to handle the incoming token and redact it from the location bar regardless of which route/page it lands on, orhttps://wb2.example/token?redirectTo=%2Fcurrent_path%3Fcurrent%26query%26string
...if it's more convenient for wb2 to only handle an incoming token at a specific /token page and then navigate to the redirectTo address
Updated by Tom Clegg over 2 years ago
- Related to Feature #17807: keep-web supports login flow added
Updated by Tom Clegg over 2 years ago
- Related to deleted (Feature #17807: keep-web supports login flow)
Updated by Tom Clegg over 2 years ago
- Blocks Feature #17807: keep-web supports login flow added
Updated by Stephen Smith over 2 years ago
Changes at arvados-workbench2|bbc64c1641d37f8e793a901b93be439e7a8f229e branch 18965-login-flow-destination
Tests developer-tests-workbench2: #816
- Force using localstorage for targetUrl to avoid it being lost in oauth process
- Add post-password-login redirect to previous location if not '/', otherwise continue with regular root project redirect
Updated by Peter Amstutz over 2 years ago
- Target version changed from 2022-07-20 to 2022-08-03 Sprint
Updated by Peter Amstutz over 2 years ago
Stephen Smith wrote in #note-17:
Changes at arvados-workbench2|bbc64c1641d37f8e793a901b93be439e7a8f229e branch 18965-login-flow-destination
Tests developer-tests-workbench2: #816
- Force using localstorage for targetUrl to avoid it being lost in oauth process
- Add post-password-login redirect to previous location if not '/', otherwise continue with regular root project redirect
This LGTM
Updated by Stephen Smith over 2 years ago
- Status changed from In Progress to Resolved