Fix for users getting redirected to the wrong path #279
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
kdeal
force-pushed
the
fix_for_wrong_page
branch
from
d7e5822
to
62b7490
Compare
ymilki
requested changes
Oct 6, 2023
Users were no longer getting redirected back to the correct page after logging in. This was broken because passport started clearing the session store for users after authenticating them for security reasons in newer versions. This means the session.oauth2return is always empty after login, so users are always redirected to the home page. The oauth flow does allow us to send a state variable that will be forwarded to the callback url. It is recommended to either make the state variable a random string and store the state elsewhere or sign the data that you put into it. It seemed easier to use a random string and store the state in app.locals, so I went that route. The app.locals is in memory, so if it gets restarted the state will be lost. This is already true of our session store, so it shouldn't be any worse then our current state.
kdeal
force-pushed
the
fix_for_wrong_page
branch
from
62b7490
to
79808a4
Compare
ymilki
approved these changes
Oct 6, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Users were no longer getting redirected back to the correct page after logging in. This was broken because passport started clearing the session store for users after authenticating them for security reasons in newer versions. This means the session.oauth2return is always empty after login, so users are always redirected to the home page. The oauth flow does allow us to send a state variable that will be forwarded to the callback url. It is recommended to either make the state variable a random string and store the state elsewhere or sign the data that you put into it. It seemed easier to use a random string and store the state in app.locals, so I went that route. The app.locals is in memory, so if it gets restarted the state will be lost. This is already true of our session store, so it shouldn't be any worse then our current state.
I manually tested this locally and it seems to work as expected. This is based off this article.