diff --git a/src/HttpController/Web/AuthenticationController.php b/src/HttpController/Web/AuthenticationController.php
index edaf6084..faa2dd71 100644
--- a/src/HttpController/Web/AuthenticationController.php
+++ b/src/HttpController/Web/AuthenticationController.php
@@ -37,11 +37,21 @@ public function login(Request $request) : Response
 } catch (InvalidCredentials) {
 $this->sessionWrapper->set('failedLogin', true);
 }
+ $redirect = $postParameters['redirect'];
+ $target = $redirect ?? $_SERVER['HTTP_REFERER'];
+
+ $urlParts = parse_url($target);
+ if (is_array($urlParts) === false) {
+ $urlParts = ['path' => '/'];
+ }
+
+ /* @phpstan-ignore-next-line */
+ $targetRelativeUrl = $urlParts['path'] . $urlParts['query'] ?? '';
 return Response::create(
 StatusCode::createSeeOther(),
 null,
- [Header::createLocation($_SERVER['HTTP_REFERER'])],
+ [Header::createLocation($targetRelativeUrl)],
 );
 }
 
@@ -56,20 +66,20 @@ public function logout() : Response
 );
 }
 
- public function renderLoginPage() : Response
+ public function renderLoginPage(Request $request) : Response
 {
 $failedLogin = $this->sessionWrapper->has('failedLogin');
+ $redirect = $request->getGetParameters()['redirect'] ?? false;
 $this->sessionWrapper->unset('failedLogin');
 
 $renderedTemplate = $this->twig->render(
 'page/login.html.twig',
 [
- 'failedLogin' => $failedLogin
+ 'failedLogin' => $failedLogin,
+ 'redirect' => $redirect
 ],
 );
 
- $this->sessionWrapper->unset('failedLogin');
-
 return Response::create(
 StatusCode::createOk(),
 $renderedTemplate,
diff --git a/src/HttpController/Web/DashboardController.php b/src/HttpController/Web/DashboardController.php
index 348c2a5c..b446f200 100644
--- a/src/HttpController/Web/DashboardController.php
+++ b/src/HttpController/Web/DashboardController.php
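Review bot: `$targetRelativeUrl = $urlParts['path'] . $urlParts['query'] ?? ''` is mis-parenthesised — `.` binds tighter than `??`, so the null-coalesce guards the already-concatenated string while `$urlParts['query']` is still read unguarded (which is what the phpstan suppression hides), and the query is glued on without its `?`, turning `/foo?a=b` into `/fooa=b`. `$postParameters['redirect']` on the first added line is likewise read without `??`, and `parse_url` returns no `path` key for inputs such as `?a=b` or `//host`, so the `is_array` guard only covers the `false` case. Reducing the Location header to path and query is the right defence against open redirects, but the result should additionally be required to start with exactly one `/` (rejecting `//` and `/\`), because browsers treat both of those as scheme-relative. The rewrite below does that and removes the need for the suppression; login() starts before this hunk.

```php
        // … unchanged: try/catch around the login attempt …
        $redirect = $postParameters['redirect'] ?? null;
        $target = is_string($redirect) && $redirect !== '' ? $redirect : ($_SERVER['HTTP_REFERER'] ?? '/');

        $urlParts = parse_url($target);
        $path = is_array($urlParts) ? ($urlParts['path'] ?? '/') : '/';
        $query = is_array($urlParts) && isset($urlParts['query']) ? '?' . $urlParts['query'] : '';

        // Keep the redirect on this origin: exactly one leading slash, no scheme-relative forms.
        $targetRelativeUrl = $path . $query;
        if (!str_starts_with($targetRelativeUrl, '/') || str_starts_with($targetRelativeUrl, '//') || str_starts_with($targetRelativeUrl, '/\\')) {
            $targetRelativeUrl = '/';
        }

        // … unchanged: return Response::create(...) with Header::createLocation($targetRelativeUrl) …
```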
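Review bot: `$request->getGetParameters()['redirect'] ?? false` accepts whatever shape the query string carries — `?redirect[]=x` yields an array, which the template would render as `Array` and which, on its way back through login(), reaches `parse_url` as a non-string. Normalise it here with `$redirect = $request->getGetParameters()['redirect'] ?? null;` followed by `$redirect = is_string($redirect) ? $redirect : null;`, which also replaces the `false` sentinel with the idiomatic null for "absent". The template change that consumes `redirect` is not in view; since the value is attacker-supplied it must go through Twig's autoescaping (or `|e('html_attr')` inside an attribute) rather than `|raw`. renderLoginPage() ends after this hunk.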
@@ -31,7 +31,7 @@ public function render(Request $request) : Response
 {
 $userId = $this->userPageAuthorizationChecker->findUserIdIfCurrentVisitorIsAllowedToSeeUser((string)$request->getRouteParameters()['username']);
 if ($userId === null) {
- return Response::createSeeOther('/');
+ return Response::createForbiddenRedirect($request->getPath());
 }
 
 $dashboardRows = $this->dashboardFactory->createDashboardRowsForUser($this->userApi->fetchUser($userId));
diff --git a/src/HttpController/Web/Middleware/UserIsAuthenticated.php b/src/HttpController/Web/Middleware/UserIsAuthenticated.php
index ddc0af62..104a6bcf 100644
--- a/src/HttpController/Web/Middleware/UserIsAuthenticated.php
+++ b/src/HttpController/Web/Middleware/UserIsAuthenticated.php
@@ -18,6 +18,6 @@ public function __invoke() : ?Response
 return null;
 }
 
- return Response::createForbidden();
+ return Response::createForbiddenRedirect($_SERVER['REQUEST_URI']);
 }
 }
diff --git a/src/ValueObject/Http/Response.php b/src/ValueObject/Http/Response.php
index 26dbb7e1..89dbb0ef 100644
--- a/src/ValueObject/Http/Response.php
+++ b/src/ValueObject/Http/Response.php
@@ -34,6 +34,12 @@ public static function createForbidden() : self
 return new self(StatusCode::createForbidden());
 }
 
+ public static function createForbiddenRedirect(string $redirectTarget) : self
+ {
+ $query = urlencode($redirectTarget);
+ return new self(StatusCode::createForbidden(), null, [Header::createLocation('/login?redirect='.$query)]);
+ }
+
 public static function createJson(string $body) : self
 {
 return new self(StatusCode::createOk(), $body, [Header::createContentTypeJson()]);
diff --git a/templates/page/login.html.twig b/templates/page/login.html.twig
index ee5c3896..0fcb6002 100644
--- a/templates/page/login.html.twig
+++ b/templates/page/login.html.twig
@@ -42,6 +42,13 @@
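Review bot: `findUserIdIfCurrentVisitorIsAllowedToSeeUser` returning null appears to cover both an anonymous visitor and an authenticated one who is not allowed to see this user (the method name suggests the second case exists — verify), yet the new `createForbiddenRedirect` sends both to `/login?redirect=...`, so a signed-in visitor is bounced to a login page that cannot unlock the page and, after re-login, lands on the same response again. Keep the `/` fallback for the already-authenticated case and use the login redirect only when no session user exists. Also `$request->getPath()` here drops the query string while the middleware in this same commit passes `$_SERVER['REQUEST_URI']`; pick one so the post-login destination is consistent across both entry points. render() starts before and ends after this hunk.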
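Review bot: `$_SERVER['REQUEST_URI']` is read without a default, so the middleware emits an undefined-key warning under a SAPI or test harness that does not populate it; `return Response::createForbiddenRedirect($_SERVER['REQUEST_URI'] ?? '/');` keeps the fallback explicit. The full request URI, query string included, is copied into the login URL and from there into the login form, so any sensitive query parameter on the original request is echoed back into a page link — acceptable only if protected routes never carry such parameters, which cannot be confirmed from here. __invoke() starts before this hunk.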
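Review bot: `createForbiddenRedirect` pairs a 403 status with a Location header, and browsers only follow Location on 3xx responses, so the DashboardController and UserIsAuthenticated callers in this commit will show a bare 403 instead of the login form unless a layer outside this diff rewrites the status (verify). Use the existing `StatusCode::createSeeOther()` here, `return new self(StatusCode::createSeeOther(), null, [Header::createLocation('/login?redirect=' . $query)]);`, and consider renaming the factory to `createLoginRedirect` since the result is then no longer a forbidden response. A short docblock stating that `$redirectTarget` is expected to be a same-origin path and that AuthenticationController::login() re-validates it before use would make the contract explicit to future callers. `rawurlencode` is preferable to `urlencode` so the target is percent-encoded per RFC 3986 rather than form-encoded (`+` for spaces), although PHP's query parser decodes both.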