Redirect to previous page after logging in (#423)

Co-authored-by: riggraz <riccardo.graziosi97@gmail.com>

app/controllers/application_controller.rb

@@ -17,7 +17,9 @@ class ApplicationController < ActionController::Base
     if resource.admin? && resource.sign_in_count == 1
       root_path(tour: true)
     else
-      super
+      safe_return_to_redirect(session[:return_to]) do
+        super
+      end
     end
   end
 

app/controllers/o_auths_controller.rb

@@ -16,7 +16,7 @@ class OAuthsController < ApplicationController
     else
       @o_auth = OAuth.include_defaults.friendly.find(params[:id])
     end
-    
+
     return if params[:reason] != 'test' and not @o_auth.is_enabled?
 
     # Generate random state + other query params
@@ -53,9 +53,9 @@ class OAuthsController < ApplicationController
       authorization_code: params[:code],
       o_auth: @o_auth
     ).run
-    
+
     if reason == 'login'
-      
+
       user = OAuthSignInUserWorkflow.new(
         user_profile: user_profile,
         o_auth: @o_auth
@@ -70,7 +70,7 @@ class OAuthsController < ApplicationController
       end
 
     elsif reason == 'test'
-      
+
       unless user_signed_in? and current_user.admin?
         flash[:alert] = I18n.t('errors.unauthorized')
         redirect_to get_url_for(method(:root_url))
@@ -132,6 +132,7 @@ class OAuthsController < ApplicationController
       remember_me user
       user.invalidate_oauth_token
       flash[:notice] = I18n.t('devise.sessions.signed_in')
+
       redirect_to after_sign_in_path_for(user)
     else
       flash[:alert] = I18n.t('errors.o_auth_login_error', name: @o_auth.name)
@@ -207,4 +208,4 @@ class OAuthsController < ApplicationController
         .require(:o_auth)
         .permit(policy(@o_auth).permitted_attributes)
     end
-end
+end

app/controllers/registrations_controller.rb

@@ -1,4 +1,6 @@
 class RegistrationsController < Devise::RegistrationsController
+  include ApplicationHelper
+
   # Needed to have Current.tenant available in Devise's controllers
   prepend_before_action :load_tenant_data
   before_action :load_oauths, only: [:new]
@@ -88,12 +90,15 @@ class RegistrationsController < Devise::RegistrationsController
 
   protected
 
+    # Override Devise after inactive sign up path
     def after_inactive_sign_up_path_for(resource)
       if Current.tenant.tenant_setting.is_private
         # Redirect to log in page, since root page only visible to logged in users
         new_user_session_path
       else
-        super
+        safe_return_to_redirect(session[:return_to]) do
+          super
+        end
       end
     end
     

app/controllers/sessions_controller.rb

@@ -4,9 +4,18 @@ class SessionsController < Devise::SessionsController
   before_action :load_oauths, only: [:new]
   before_action :set_page_title, only: [:new]
 
+  def new
+    # Update return_to path if not coming from Devise user pages
+    if request.referer.present? && !request.referer.include?('/users/')
+      session[:return_to] = request.referer
+    end
+    
+    super
+  end
+
   private
 
     def set_page_title
       @page_title = t('common.forms.auth.log_in')
     end
-end
+end

app/helpers/application_helper.rb

@@ -79,4 +79,12 @@ module ApplicationHelper
     
     tenant
   end
+
+  # Redirect to previous page if present; otherwise redirect to root
+  def safe_return_to_redirect(url)
+    uri = URI.parse(url)
+    uri.host.present? && uri.host != request.host ? yield : url
+  rescue URI::InvalidURIError
+    yield
+  end
 end