fix: bypass auth redirect cookie when set to homepage

4 years ago · fe890979af
2 changed files with 12 additions and 3 deletions
--- a/client/components/login.vue
+++ b/client/components/login.vue
@ -644,7 +644,10 @@ export default {
        Cookies.set('jwt', respObj.jwt, { expires: 365 })
        _.delay(() => {
          const loginRedirect = Cookies.get('loginRedirect')
-          if (loginRedirect) {
+          if (loginRedirect === '/' && respObj.redirect) {
+            Cookies.remove('loginRedirect')
+            window.location.replace(respObj.redirect)
+          } else if (loginRedirect) {
            Cookies.remove('loginRedirect')
            window.location.replace(loginRedirect)
          } else if (respObj.redirect) {
--- a/server/models/users.js
+++ b/server/models/users.js
@ -178,7 +178,7 @@ module.exports = class User extends Model {
      const e = _.find(profile.emails, ['primary', true])
      primaryEmail = (e) ? e.value : _.first(profile.emails).value
    } else if (_.isArray(profile.email)) {
-      primaryEmail = _.first(_.flattenDeep([profile.email]));
+      primaryEmail = _.first(_.flattenDeep([profile.email]))
    } else if (_.isString(profile.email) && profile.email.length > 5) {
      primaryEmail = profile.email
    } else if (_.isString(profile.mail) && profile.mail.length > 5) {
@ -339,8 +339,14 @@ module.exports = class User extends Model {
    user.groups = await user.$relatedQuery('groups').select('groups.id', 'permissions', 'redirectOnLogin')
    let redirect = '/'
    if (user.groups && user.groups.length > 0) {
-      redirect = user.groups[0].redirectOnLogin
+      for (const grp of user.groups) {
+        if (!_.isEmpty(grp.redirectOnLogin) && grp.redirectOnLogin !== '/') {
+          redirect = grp.redirectOnLogin
+          break
+        }
+      }
    }
+    console.info(redirect)

    // Is 2FA required?
    if (!skipTFA) {