Set redirect when bouncing away from token route

This ensures that when the user logs in they will be redirected back to this token, the page they wanted to access in the first place.
2025-03-13 09:54:34 +00:00 · 2017-11-15 13:30:40 +00:00 · 2017-11-15 13:30:40 +00:00 · 5df4556e9c
commit 5df4556e9c
parent a15cb64418
2 changed files with 8 additions and 0 deletions
--- a/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee
+++ b/services/web/app/coffee/Features/TokenAccess/TokenAccessController.coffee
@ -52,6 +52,7 @@ module.exports = TokenAccessController =
 					else
 						logger.log {token, projectId: project._id},
 							"[TokenAccess] deny anonymous read-and-write token access"
+						AuthenticationController._setRedirectInSession(req)
 						return res.redirect('/restricted')
 				if project.owner_ref.toString() == userId
 					logger.log {userId, projectId: project._id},
--- a/services/web/test/UnitTests/coffee/TokenAccess/TokenAccessControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/TokenAccess/TokenAccessControllerTests.coffee
@ -48,6 +48,7 @@ describe "TokenAccessController", ->
 				@TokenAccessHandler.addReadAndWriteUserToProject = sinon.stub()
 					.callsArgWith(2, null)
 				@ProjectController.loadEditor = sinon.stub()
+				@AuthenticationController._setRedirectInSession = sinon.stub()
 				@TokenAccessController.readAndWriteToken @req, @res, @next

 			it 'should try to find a project with this token', (done) ->
@ -159,6 +160,7 @@ describe "TokenAccessController", ->
 						.callsArgWith(2, null)
 					@ProjectController.loadEditor = sinon.stub()
 					@TokenAccessHandler.grantSessionTokenAccess = sinon.stub()
+					@AuthenticationController._setRedirectInSession = sinon.stub()
 					@TokenAccessController.readAndWriteToken @req, @res, @next

 				it 'should not add the user to the project with read-write access', (done) ->
@ -176,6 +178,11 @@ describe "TokenAccessController", ->
 					expect(@ProjectController.loadEditor.calledWith(@req, @res, @next)).to.equal false
 					done()

+				it 'should set redirect in session', (done) ->
+					expect(@AuthenticationController._setRedirectInSession.callCount).to.equal 1
+					expect(@AuthenticationController._setRedirectInSession.calledWith(@req)).to.equal true
+					done()
+
 				it 'should redirect to restricted page', (done) ->
 					expect(@res.redirect.callCount).to.equal 1
 					expect(@res.redirect.calledWith('/restricted')).to.equal true