Try to redirect back on unauthorized accesses

lib/spree/auth/engine.rb

@@ -30,10 +30,10 @@ def self.prepare_backend
         Spree::Admin::BaseController.unauthorized_redirect = -> do
           if try_spree_current_user
             flash[:error] = I18n.t('spree.authorization_failure')
-            redirect_to spree.admin_unauthorized_path
+            redirect_back(fallback_location: spree.admin_unauthorized_path)
           else
             store_location
-            redirect_to spree.admin_login_path
+            redirect_back(fallback_location: spree.admin_login_path)
           end
         end
       end
@@ -42,10 +42,10 @@ def self.prepare_frontend
         Spree::BaseController.unauthorized_redirect = -> do
           if try_spree_current_user
             flash[:error] = I18n.t('spree.authorization_failure')
-            redirect_to spree.unauthorized_path
+            redirect_back(fallback_location: spree.unauthorized_path)
           else
             store_location
-            redirect_to spree.login_path
+            redirect_back(fallback_location: spree.login_path)
           end
         end
       end

spec/controllers/spree/admin/base_controller_spec.rb

@@ -11,16 +11,38 @@ def index; authorize!(:read, :something); end
     context "when user is logged in" do
       before { sign_in(create(:user)) }
 
-      it "redirects to unauthorized path" do
-        get :index
-        expect(response).to redirect_to(spree.admin_unauthorized_path)
+      context "when http_referrer is not present" do
+        it "redirects to unauthorized path" do
+          get :index
+          expect(response).to redirect_to(spree.admin_unauthorized_path)
+        end
+      end
+
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
       end
     end
 
     context "when user is not logged in" do
-      it "redirects to login path" do
-        get :index
-        expect(response).to redirect_to(spree.admin_login_path)
+      context "when http_referrer is not present" do
+        it "redirects to login path" do
+          get :index
+          expect(response).to redirect_to(spree.admin_login_path)
+        end
+      end
+
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
       end
     end
   end

spec/controllers/spree/base_controller_spec.rb

@@ -11,16 +11,38 @@ def index; authorize!(:read, :something); end
     context "when user is logged in" do
       before { sign_in(create(:user)) }
 
-      it "redirects to unauthorized path" do
-        get :index
-        expect(response).to redirect_to(spree.unauthorized_path)
+      context "when http_referrer is not present" do
+        it "redirects to unauthorized path" do
+          get :index
+          expect(response).to redirect_to(spree.unauthorized_path)
+        end
+      end
+
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
       end
     end
 
     context "when user is not logged in" do
-      it "redirects to login path" do
-        get :index
-        expect(response).to redirect_to(spree.login_path)
+      context "when http_referrer is not present" do
+        it "redirects to login path" do
+          get :index
+          expect(response).to redirect_to(spree.login_path)
+        end
+      end
+
+      context "when http_referrer is present" do
+        before { request.env['HTTP_REFERER'] = '/redirect' }
+
+        it "redirects back" do
+          get :index
+          expect(response).to redirect_to('/redirect')
+        end
       end
     end
   end