Login/logout returns you to the same page

In the login case, we save the `return_to` parameter in the session, because login can be a multi-step process.

In the logout case, we just read it directly from the form params.

Note that you *could* end up in a weird scenario where an old return_to value sticks around for a bit? But we have the sense to delete it when we use it on a successful sign-in, and most links to the login page come with a `return_to` param which should reset it. So, you'd have to 1) have started but not finished a sign-in, 2) during the same session, and 3) get to the login page by an unusual means.

Probably fine!
This commit is contained in:
Emi Matchu 2023-08-06 18:24:23 -07:00
parent e79428fa28
commit 45090b8d1c
3 changed files with 23 additions and 5 deletions

View file

@ -10,6 +10,8 @@ class ApplicationController < ActionController::Base
before_action :set_locale before_action :set_locale
before_action :configure_permitted_parameters, if: :devise_controller? before_action :configure_permitted_parameters, if: :devise_controller?
before_action :save_return_to_path,
if: ->(c) { c.controller_name == 'sessions' && c.action_name == 'new' }
def authenticate_user! def authenticate_user!
redirect_to(new_auth_user_session_path) unless user_signed_in? redirect_to(new_auth_user_session_path) unless user_signed_in?
@ -79,5 +81,24 @@ class ApplicationController < ActionController::Base
devise_parameter_sanitizer.permit(:sign_up, keys: [:email]) devise_parameter_sanitizer.permit(:sign_up, keys: [:email])
devise_parameter_sanitizer.permit(:account_update, keys: [:email]) devise_parameter_sanitizer.permit(:account_update, keys: [:email])
end end
def save_return_to_path
if params[:return_to]
Rails.logger.debug "Saving return_to path: #{params[:return_to].inspect}"
session[:devise_return_to] = params[:return_to]
end
end
def after_sign_in_path_for(user)
return_to = session.delete(:devise_return_to)
Rails.logger.debug "Using return_to path: #{return_to.inspect}"
return_to || root_path
end
def after_sign_out_path_for(user)
return_to = params[:return_to]
Rails.logger.debug "Using return_to path: #{return_to.inspect}"
return_to || root_path
end
end end

View file

@ -156,10 +156,6 @@ module ApplicationHelper
end.html_safe end.html_safe
end end
end end
def return_to_field_tag
hidden_field_tag :return_to, request.fullpath
end
def safely_to_json(obj) def safely_to_json(obj)
obj.to_json.gsub('/', '\/') obj.to_json.gsub('/', '\/')

View file

@ -48,7 +48,8 @@
= link_to t('.userbar.items'), user_closet_hangers_path(current_user), :id => 'userbar-items-link' = link_to t('.userbar.items'), user_closet_hangers_path(current_user), :id => 'userbar-items-link'
= link_to t('.userbar.outfits'), current_user_outfits_path = link_to t('.userbar.outfits'), current_user_outfits_path
= link_to t('.userbar.settings'), edit_auth_user_registration_path = link_to t('.userbar.settings'), edit_auth_user_registration_path
= button_to t('.userbar.logout'), destroy_auth_user_session_path, method: :delete = button_to t('.userbar.logout'), destroy_auth_user_session_path, method: :delete,
params: {return_to: request.fullpath}
- else - else
= link_to auth_user_sign_in_path_with_return_to, :id => 'userbar-log-in' do = link_to auth_user_sign_in_path_with_return_to, :id => 'userbar-log-in' do
%span= t('.userbar.login') %span= t('.userbar.login')