Add redirect to previous url from 403 for registration page

Created on 11 November 2023, about 1 year ago

Problem/Motivation

The 3 pages are served as the homepage (when configured) via a very nice looking design through javascript hide/show on-click events.

There's a 403 Access Forbidden handler that redirects a user to the /user/login route with a prev_path URL parameter meant to be used to ensure users are sent to their original destination after log in.

However, though the "Create new account" and "Request new password" links load the content via javascript, and, as a result, the URL parameter is not removed via a redirect/page-refresh, the actual redirect to that prev_path only exists in the opigno_dashboard_user_login_submit() submit handler. This means that successful account creation won't send the new user to the original destination, and, the password reset email does not contain the destination either.

Additionally, it is fragile--the prev_path parameter is removed on form submit if a form fails validation.

Steps to reproduce

  1. With an Opigno instance, create a page that is not accessible to Anonymous users.
  2. Visit that page while not logged in.
  3. You should be redirected to the login page with a prev_path URL parameter to your original destination.
  4. Log in, you will successfully be redirected.
  5. Log out, and try again, only this time, create a new account. You will not be redirected to your original destination.
  6. Log out, and try again, only this time, create a new account, but enter non-matching passwords. When the form validation reloads the page, the prev_path URL parameter will be missing.
  7. Log out, and try again, only this time, request a new password. Your password reset link will not redirect to your original destination.

Proposed resolution

TBD

✨ Feature request
Status

Closed: works as designed

Version

3.1

Component

Code

Created by

🇺🇸 United States jcandan
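
One way to carry `prev_path` through registration so that it survives a failed validation and is only honored for local paths, as an added example that is not Opigno's code or the issue author's. It assumes a hypothetical custom module named `mymodule`, Drupal core's standard `user_register_form`, and registration that logs the new user in immediately; it has not been tested against Opigno's JavaScript-driven login page.

```php
<?php

use Drupal\Component\Utility\UrlHelper;
use Drupal\Core\Form\FormStateInterface;
use Drupal\Core\Url;

/**
 * Returns the value only if it is a local path, otherwise NULL.
 *
 * Hypothetical helper. prev_path is client-controlled, so it is checked
 * every time it is read, not only when it first arrives.
 */
function mymodule_safe_prev_path($path): ?string {
  if (!is_string($path) || $path === '' || UrlHelper::isExternal($path)) {
    return NULL;
  }
  // Url::fromUserInput() only accepts input starting with "/", "?" or "#";
  // this example restricts redirects to site-relative paths.
  return $path[0] === '/' ? $path : NULL;
}

/**
 * Implements hook_form_FORM_ID_alter() for user_register_form.
 */
function mymodule_form_user_register_form_alter(array &$form, FormStateInterface $form_state): void {
  $path = mymodule_safe_prev_path(\Drupal::request()->query->get('prev_path'));
  // Keep the destination in the form itself. When validation fails and the
  // URL parameter is gone, the submitted hidden value is still present.
  $form['prev_path'] = ['#type' => 'hidden', '#default_value' => $path ?? ''];
  // Runs after the form's own submit handlers, so it sets the final redirect.
  $form['actions']['submit']['#submit'][] = 'mymodule_register_redirect';
}

/**
 * Submit handler: send the new account to the original destination.
 */
function mymodule_register_redirect(array &$form, FormStateInterface $form_state): void {
  // Re-validate: the hidden field can be edited in the browser.
  $path = mymodule_safe_prev_path($form_state->getValue('prev_path'));
  if ($path !== NULL) {
    $form_state->setRedirectUrl(Url::fromUserInput($path));
  }
}
```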


Comments & Activities

  • Issue created by @jcandan
  • Status changed to Closed: works as designed about 1 year ago
  • 🇺🇸 United States jcandan

    I realized that when someone is presented with a 403 Forbidden, they are given the opportunity to log in and are thusly redirected successfully to their desired, previously forbidden destination.

    My use-case was to require registration before e-commerce checkout. This assumes registration is open to visitors without either email verification or admin approval--a poor choice for user validation. I realized it would be better if I ensured that an account is created when the user completes checkout (not using Drupal Commerce for my implementation).

    Leaving this here for posterity. Marking Closed (works as designed).
