Project

General

Profile

Actions

Bug #18965

closed

does not preserve the desired destination url through the login process

Added by Ward Vandewege over 2 years ago. Updated over 2 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
Workbench2
Target version:
Story points:
-
Release relationship:
Auto

Description

Observed on 2.3.3.

This happens when I try to visit a page on the playground (e.g. a collection url) that requires being logged in. Clicking on the URL leads to the login page, and after logging in, I land on the dashboard instead of the destination url.


Subtasks 1 (0 open1 closed)

Task #19065: Review 18965-login-flow-destinationResolvedPeter Amstutz07/22/2022Actions

Related issues 1 (0 open1 closed)

Blocks Arvados - Feature #17807: keep-web supports login flowResolvedTom Clegg07/19/2022Actions
Actions #1

Updated by Ward Vandewege over 2 years ago

  • Description updated (diff)
Actions #2

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-04-27 Sprint to 2022-05-11 sprint
Actions #3

Updated by Peter Amstutz over 2 years ago

  • Assigned To set to Daniel Kutyła
Actions #4

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-05-11 sprint to 2022-05-25 sprint
Actions #5

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-05-25 sprint to 2022-06-08 sprint
Actions #6

Updated by Daniel Kutyła over 2 years ago

  • Status changed from New to In Progress
Actions #7

Updated by Peter Amstutz over 2 years ago

  • Category set to Workbench2
  • Subject changed from [workbench2] does not preserve the desired destination url through the login process to does not preserve the desired destination url through the login process
Actions #8

Updated by Peter Amstutz over 2 years ago

  • Status changed from In Progress to Feedback
Actions #9

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-06-08 sprint to 2022-06-22 Sprint
Actions #10

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-06-22 Sprint to 2022-07-06
Actions #11

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-07-06 to 2022-07-20
Actions #12

Updated by Peter Amstutz over 2 years ago

  • Assigned To changed from Daniel Kutyła to Stephen Smith
Actions #13

Updated by Tom Clegg over 2 years ago

  • Status changed from Feedback to In Progress

The return_to param passed to controller's /login endpoint can have any path and query string. The query string should be constructed with proper escaping using encodeURIComponent (current code uses "https://controller.example/login?...&return_to=https://wb2.example/token" which is incorrect).

Controller will preserve the query string if present, and append &api_token=xxxxxx to it when sending the user back to wb2 after login.

The premise is that the current page can be propagated using a return_to value like
  • https://wb2.example/current_path?current&query&string ...if it's convenient for wb2 to handle the incoming token and redact it from the location bar regardless of which route/page it lands on, or
  • https://wb2.example/token?redirectTo=%2Fcurrent_path%3Fcurrent%26query%26string ...if it's more convenient for wb2 to only handle an incoming token at a specific /token page and then navigate to the redirectTo address
Actions #14

Updated by Tom Clegg over 2 years ago

Actions #15

Updated by Tom Clegg over 2 years ago

Actions #16

Updated by Tom Clegg over 2 years ago

Actions #17

Updated by Stephen Smith over 2 years ago

Changes at arvados-workbench2|bbc64c1641d37f8e793a901b93be439e7a8f229e branch 18965-login-flow-destination
Tests developer-tests-workbench2: #816

  • Force using localstorage for targetUrl to avoid it being lost in oauth process
  • Add post-password-login redirect to previous location if not '/', otherwise continue with regular root project redirect
Actions #18

Updated by Peter Amstutz over 2 years ago

  • Target version changed from 2022-07-20 to 2022-08-03 Sprint
Actions #19

Updated by Peter Amstutz over 2 years ago

Stephen Smith wrote in #note-17:

Changes at arvados-workbench2|bbc64c1641d37f8e793a901b93be439e7a8f229e branch 18965-login-flow-destination
Tests developer-tests-workbench2: #816

  • Force using localstorage for targetUrl to avoid it being lost in oauth process
  • Add post-password-login redirect to previous location if not '/', otherwise continue with regular root project redirect

This LGTM

Actions #20

Updated by Stephen Smith over 2 years ago

  • Status changed from In Progress to Resolved
Actions #21

Updated by Peter Amstutz over 2 years ago

  • Release set to 52
Actions

Also available in: Atom PDF