Enable redirection to previous page after login #487
Conversation
| * OAuth callback | ||
| */ | ||
| exports.oauthCallback = function(strategy) { | ||
| return function(req, res, next) { | ||
| // Pop redirect URL from session | ||
| var sessionRedirectURL = req.session.redirect_to; | ||
| delete req.session.redirect_to; |
There was a problem hiding this comment.
Why are we temporarily setting a property on the req session?
There was a problem hiding this comment.
@ilanbiala thanks for looking into this. I am setting a property in the first call, oauthCall. In the callback I retrieve it. Do you think there would be a better way to implement this?
There was a problem hiding this comment.
I think I'm missing something, but what about the successRedirect property?
http://passportjs.org/guide/google/
There was a problem hiding this comment.
@ilanbiala , the callback is called by the provider. As I understand, it is not possible to pass the previous URL to the callback. This is why a oauthCall was introduced, so we have a way of storing the previous state. If we use successRedirect, then we would again need to pass the value for successRedirect somehow, perhaps through a property on session.
Here is where the idea came from http://stackoverflow.com/a/13336055/2859410
There was a problem hiding this comment.
What is req.url in oauthCall? What about in oauthCallback?
There was a problem hiding this comment.
For example:
oauthCall: /api/auth/twitter
oauthCallback: /api/auth/twitter/callback?oauth_token=xxx&oauth_verifier=xxx
There was a problem hiding this comment.
So this PR uses a setter on the URL in Angular to tell the server which URL to redirect to? Is there no way for us to know what page the user was previously on before the going to the authentication route?
There was a problem hiding this comment.
Not that I could think of. As my understanding, this Information does not come in req in the oauthCallback
igorauad
force-pushed
the
0.4.0
branch
2 times, most recently
from
3a84f3d to
5a7d093
Compare
| return function(req, res, next) { | ||
| // Set redirection path on session. | ||
| // Do not redirect to a signin or signup page | ||
| if (['/authentication/signin', '/authentication/signup'].indexOf(req.query.redirect_to) === -1) { |
There was a problem hiding this comment.
Instantiating this array every time will be costly, let's store a constant reference somewhere, no?
|
@igorauad what's the status here? we can't merge it to 0.4.0 due to conflicts. |
|
Hi @lirantal , thanks for asking. There was something missing, which I just added. Have a look, if possible. I think it is possible to merge now. |
|
thanks @igorauad, I assume you tested it? as we don't have any frontend tests yet to confirm. |
| <a href="/api/auth/paypal" target="_self" class="undecorated-link"> | ||
| <img src="/modules/users/img/buttons/paypal.png"> | ||
| </a> | ||
| <img ng-click="callOauthProvider('/api/auth/facebook')" src="/modules/users/img/buttons/facebook.png"> |
There was a problem hiding this comment.
Shouldn't these use ng-src even though we know the resource?
There was a problem hiding this comment.
@ilanbiala let me know once you think the modifications are ready, so that I can squash the commits
|
@lirantal Need more time to review. I think this should wait for post-0.4.0 |
|
I blew up my test setup for oauth stuff, gotta wait a bit before I can test this stuff again. PS. https://pagekite.net/ is pretty neat for testing this. |
|
sure, I'm ok with it. @ilanbiala what do you think? |
|
Looks good, but I haven't tested it. |
|
I've just realized something specifically for Paypal authentication was missing, since it didn't exist when I first wrote this PR. I have included it and re-tested the modifications to double check. It is working for both local and external authentication. I think it is ready for a merge. Anybody can confirm? |
|
@ilanbiala tests would be very useful, but I haven't seen an approach for this. Do you want to share anything that I could take a look? |
|
@igorauad I did it with a local strategy https://github.com/HTHS/hths-lunch/blob/master/test/server/mock-strategy.js, but maybe we can adapt it to use e2e tests to do OAuth? |
|
@ilanbiala yeah I agree on the tests. I'm also working on adding some coverage to the code base, and I'd love it if you can help out let's take it in another thread. About this PR - need angular people to review. @rhutchison WDYT? |
| <a href="/api/auth/paypal" target="_self" class="undecorated-link"> | ||
| <img src="/modules/users/img/buttons/paypal.png"> | ||
| </a> | ||
| <img ng-click="callOauthProvider('/api/auth/facebook')" ng-src="/modules/users/img/buttons/facebook.png"> |
There was a problem hiding this comment.
There are some data- prefix missing both in ng-click and ng-src in this line and in the ones below
There was a problem hiding this comment.
data- isn't necessary, I'm not sure why we even started using it.
There was a problem hiding this comment.
That was when meanjs was in xhtml era: https://github.com/meanjs/mean/blob/master/app/views/layout.server.view.html#L2
Now with html5 it's perfectly fine not to have them: https://github.com/meanjs/mean/blob/0.4.0/modules/core/server/views/layout.server.view.html#L1-L2
|
@ilanbiala probably it was most likely to pass in w3c html validation tool |
|
@igorauad is this ready to review? |
|
Yes, @ilanbiala. This PR works. Is there anything I should change? |
|
@lirantal LGTM. |
|
Sure. |
Two different strategies are adopted, one for when the user authenticates locally and the other through providers. When authenticating locally, the signin function in the client controller redirects to the previous state (storing and using a state name) after successful login. When authenticating through a provider, the first call to provider stores the previous URL (not state, URL) in the session. Then, when provider actually calls the authentication callback, session redirect_to path is used for redirecting user.
|
Done, @lirantal |
|
Thanks @igorauad |
Enable redirection to previous page after login
In response to #185
Two different strategies are adopted, one for when the user authenticates locally and the other through providers. When authenticating locally, the signin function in the client controller redirects to the previous state (storing and using a state name) after successful login. When authenticating through a provider, the first call to provider stores the previous URL (not state, URL) in the session. Then, when provider actually calls the authentication callback, session
redirect_topath is used for redirecting user.Note: I originally did this to master, so there is one extra thing to correct. First, note on branch master sign-in and signup are not nested states. Given they are nested in 0.4.0, the controller instantiated in the nested state does not capture the previous state properly. Therefore, this commit is not redirecting when authenticating locally yet. Suggestions are welcome.
For example, it seems an ugly solution to instantiate
AuthenticationControllerboth at parent and nested states. What would be better?