lonnieezell / myth-auth

One-stop Auth package for CodeIgniter 4
MIT License

Redirected to the previous instead of the session url #550

Closed DhPandya closed 2 years ago

DhPandya commented 2 years ago

When I try to log in, it redirects to the previous URL after the login has succeeded. Maybe this creates an issue when developers are working with an Admin-Client-based system. The login method of the AuthController is setting up the redirect URL where the previous URL is assigned to the session instead of the site URL.

image

Example: If the URL is example.com/admin/login and I log in, it redirects me to example.com instead of example.com/admin.

manageruz commented 2 years ago

Hi DhPandya

First scenario: If you open your web browser and enter a URL like example.com/admin/somesecretplace, which is auth-protected by the login filter, the filter will save your current URL to the session and redirect you to the login page. After successful authentication you'll be redirected to example.com/admin/somesecretplace.

Second scenario: If you open your web browser and enter a URL like example.com/login and authenticate with your credentials, you'll be redirected to the example.com/ URL. This is the default behavior, because we have no previous_url and no redirect_url session value.

From your code we can assume that you are using a separate controller for admin authentication. If so, you can modify the attemptLogin method of your controller: find the line `$redirectURL = session('redirect_url') ?? site_url('/');` and change it to wherever you want, for example `$redirectURL = session('redirect_url') ?? site_url('/admin');`

DhPandya commented 2 years ago

@manageruz Thanks for the reply. In CI, the previous URL will return "/" if there is no previous URL. You can verify it in the screenshot.

image

So in that case, as in the screenshot I attached above in the question, the previous URL will always come up with some URL.

image

So the above condition of previous_url() will always get executed if there is no value in the session. Maybe the last condition in the above image will never get executed. And I'm using the default controller that comes with myth-auth.

Thanks.

manageruz commented 2 years ago

If you use a single controller for admins and users, you can still modify your attemptLogin() method. Find the line `$redirectURL = session('redirect_url') ?? site_url('/');` and modify it like this:

```php
$whereToGo = service('authorization')->inGroup('admin', $this->auth->id()) ? route_to('dashboard') : route_to('home');
$redirectURL = session('redirect_url') ?? $whereToGo;
```

DhPandya commented 2 years ago

For admin, I'm using the single controller that is AuthController.php. For users, I'm using another controller.

manageruz commented 2 years ago

> So the above condition of previous_url() will always get executed if there is no value in the session. Maybe the last condition in the above image will never get executed.

Yes, you're right. `site_url('/')` is redundant code. Feel free to make a PR to fix it.

> For admin, I'm using the single controller that is AuthController.php. For users, I'm using another controller.

In that case, just change the values of redirect_url as you need in the login() and attemptLogin() methods of AuthController for your admins.
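
Added example (not code from this thread or from myth-auth): a plain-PHP model of the redirect choice discussed above, comparing the fallback chain from the issue with the per-group default suggested by manageruz. The function names, the URLs and the same-host check on the saved URL are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers modelling the thread; not myth-auth API.

/** Chain described in the issue: saved URL, else previous URL, else site URL. */
function redirectBefore(?string $saved, string $previous, string $site): string
{
    // $previous is never null (it is "/" or the last page visited),
    // so the final $site fallback can never be reached.
    return $saved ?? $previous ?? $site;
}

/** Suggested change: saved URL first, otherwise a per-group landing page. */
function redirectAfter(?string $saved, bool $isAdmin, string $site): string
{
    $default = rtrim($site, '/') . ($isAdmin ? '/admin' : '/');
    if ($saved === null) {
        return $default;
    }
    // Assumption added here: follow a saved URL only when it is on the site's own host.
    $sameHost = parse_url($saved, PHP_URL_HOST) === parse_url($site, PHP_URL_HOST);
    return $sameHost ? $saved : $default;
}

// Constructed scenarios: [label, saved redirect_url, previous URL, is admin]
$site  = 'https://example.com';
$cases = [
    ['filter saved a protected page', 'https://example.com/admin/somesecretplace',
        'https://example.com/admin/somesecretplace', true],
    ['admin opened /admin/login directly', null, 'https://example.com/', true],
    ['user opened /login directly', null, 'https://example.com/', false],
];

foreach ($cases as [$label, $saved, $previous, $isAdmin]) {
    printf(
        "%-36s before=%s  after=%s\n",
        $label,
        redirectBefore($saved, $previous, $site),
        redirectAfter($saved, $isAdmin, $site)
    );
}
```

Only the second scenario differs between the two functions: the admin who opens the login page directly lands on the site root with the original chain and on /admin with the per-group default.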

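premiumwatchdevice commented 6 months ago

```php
public function login(): string
{
    // Already authenticated: send the user back to the previous URL and stop.
    if (logged_in()) {
        header("Location: " . previous_url());
        die();
    }

    // Otherwise render the login form.
    return view('login');
}
```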