fix: do not always redirect back to settings on mfa

ory · Jun 16, 2023 · f3aaa0e · f3aaa0e
1 parent 30b6f63
commit f3aaa0e
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 7 deletions.
diff --git a/selfservice/flow/settings/handler.go b/selfservice/flow/settings/handler.go
@@ -301,8 +301,13 @@ func (h *Handler) createBrowserSettingsFlow(w http.ResponseWriter, r *http.Reque
 		return
 	}
 
-	requestURL := x.RequestURL(r).String()
-	if err := h.d.SessionManager().DoesSessionSatisfy(r, s, h.d.Config().SelfServiceSettingsRequiredAAL(r.Context()), session.WithRequestURL(requestURL)); err != nil {
+	var managerOptions []session.ManagerOptions
+	requestURL := x.RequestURL(r)
+	if requestURL.Query().Get("return_to") != "" {
+		managerOptions = append(managerOptions, session.WithRequestURL(requestURL.String()))
+	}
+
+	if err := h.d.SessionManager().DoesSessionSatisfy(r, s, h.d.Config().SelfServiceSettingsRequiredAAL(r.Context()), managerOptions...); err != nil {
 		h.d.SettingsFlowErrorHandler().WriteFlowError(w, r, node.DefaultGroup, nil, nil, err)
 		return
 	}

diff --git a/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts b/test/e2e/cypress/integration/profiles/mfa/totp.spec.ts
@@ -49,7 +49,7 @@ context("2FA TOTP", () => {
         cy.visit(settings)
         cy.requireStrictAal()
 
-        let secret
+        let secret: string
         cy.get('[data-testid="node/text/totp_secret_key/text"]').then(($e) => {
           secret = $e.text().trim()
         })
@@ -101,7 +101,7 @@ context("2FA TOTP", () => {
         cy.visit(settings)
         cy.requireStrictAal()
 
-        let secret
+        let secret: string
         cy.get('[data-testid="node/text/totp_secret_key/text"]').then(($e) => {
           secret = $e.text().trim()
         })
@@ -147,7 +147,7 @@ context("2FA TOTP", () => {
         cy.get('img[data-testid="node/image/totp_qr"]').should("exist")
 
         // Set up TOTP
-        let secret
+        let secret: string
         cy.get('[data-testid="node/text/totp_secret_key/text"]').then(($e) => {
           secret = $e.text().trim()
         })
@@ -206,7 +206,7 @@ context("2FA TOTP", () => {
 
         // Linking a new device works
         cy.visit(settings)
-        let newSecret
+        let newSecret: string
         cy.get('[data-testid="node/text/totp_secret_key/text"]').then(($e) => {
           newSecret = $e.text().trim()
         })
@@ -300,7 +300,7 @@ context("2FA TOTP", () => {
         cy.get('*[name="method"][value="profile"]').click()
         cy.expectSettingsSaved()
 
-        let secret
+        let secret: string
         cy.get('[data-testid="node/text/totp_secret_key/text"]').then(($e) => {
           secret = $e.text().trim()
         })