Redirect to Original URL After Session Expiry and Re-login (#6495)

* go back to previous url after session expiration * add query parameters instead of localstorage * resolve cross scripting * use newURL instead of string manipulation * check origin while redirecting * remove cross-site-scripting * convert the redirection into a function * remove else redirection
ohcnetwork · Nov 6, 2023 · e30d6bd · e30d6bd
1 parent e1eac85
commit e30d6bd
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 4 deletions.
diff --git a/src/Components/Auth/Login.tsx b/src/Components/Auth/Login.tsx
@@ -12,6 +12,7 @@ import CircularProgress from "../Common/components/CircularProgress";
 import { LocalStorageKeys } from "../../Common/constants";
 import ReactMarkdown from "react-markdown";
 import rehypeRaw from "rehype-raw";
+import { handleRedirection } from "../../Utils/utils";
 
 export const Login = (props: { forgot?: boolean }) => {
   const {
@@ -109,7 +110,7 @@ export const Login = (props: { forgot?: boolean }) => {
           window.location.pathname === "/" ||
           window.location.pathname === "/login"
         ) {
-          window.location.href = "/facility";
+          handleRedirection();
         } else {
           window.location.href = window.location.pathname.toString();
         }

diff --git a/src/Redux/fireRequest.tsx b/src/Redux/fireRequest.tsx
@@ -152,7 +152,7 @@ export const fireRequest = (
           if (error.response.status > 400 && error.response.status < 500) {
             if (error.response.data && error.response.data.detail) {
               if (error.response.data.code === "token_not_valid") {
-                window.location.href = "/session-expired";
+                window.location.href = `/session-expired?redirect=${window.location.href}`;
               }
               Notification.Error({
                 msg: error.response.data.detail,

diff --git a/src/Utils/request/handleResponse.ts b/src/Utils/request/handleResponse.ts
@@ -29,7 +29,7 @@ export default function handleResponse(
   if (res.status >= 400) {
     // Invalid token
     if (!silent && error?.code === "token_not_valid") {
-      navigate("/session-expired");
+      navigate(`/session-expired?redirect=${window.location.href}`);
     }
 
     notify?.Error({ msg: error?.detail || "Something went wrong...!" });

diff --git a/src/Utils/utils.ts b/src/Utils/utils.ts
@@ -107,8 +107,31 @@ export const handleSignOut = (forceReload: boolean) => {
   Object.values(LocalStorageKeys).forEach((key) =>
     localStorage.removeItem(key)
   );
+  const redirectURL = new URLSearchParams(window.location.search).get(
+    "redirect"
+  );
+  redirectURL ? navigate(`/?redirect=${redirectURL}`) : navigate("/");
   if (forceReload) window.location.href = "/";
-  else navigate("/");
+};
+
+export const handleRedirection = () => {
+  const redirectParam = new URLSearchParams(window.location.search).get(
+    "redirect"
+  );
+  try {
+    if (redirectParam) {
+      const redirectURL = new URL(redirectParam);
+
+      if (redirectURL.origin === window.location.origin) {
+        const newPath = redirectURL.pathname + redirectURL.search;
+        window.location.href = `${window.location.origin}${newPath}`;
+        return;
+      }
+    }
+    window.location.href = "/facility";
+  } catch {
+    window.location.href = "/facility";
+  }
 };
 
 /**