Parse referrer from omniauth.origin if present

pulibrary · Jan 23, 2025 · 78df36a · 78df36a
1 parent 6ec1f5b
commit 78df36a
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 2 deletions.
diff --git a/.reek.yml b/.reek.yml
@@ -853,6 +853,7 @@ detectors:
     - AccountController#cancel_ill_success
     - AccountController#current_patron
     - ApplicationController#default_url_options
+    - ApplicationController#referrer_from_url
     - BookmarksController#csv_bom
     - BookmarksController#two_values
     - Orangelight::Catalog#online_holding_note?

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -15,7 +15,6 @@ class ApplicationController < ActionController::Base
 
   def after_sign_in_path_for(resource)
     stored_location = stored_location_for(resource)
-
     if referrer.present? && (referrer.exclude?("sign_in") && !origin&.include?("redirect-to-alma"))
       referrer
     elsif origin.present?
@@ -24,7 +23,7 @@ def after_sign_in_path_for(resource)
       origin.chomp('/email')
     elsif !request.env['omniauth.origin'].nil? &&
           /request|borrow-direct|email|bookmarks|search_history|redirect-to-alma/.match(request.env['omniauth.origin'])
-      request.env['omniauth.origin']
+      referrer_from_url(request.env['omniauth.origin'])
     elsif stored_location.present?
       stored_location
     else
@@ -66,6 +65,15 @@ def verify_admin!
       head :forbidden unless current_user.admin?
     end
 
+    def referrer_from_url(url)
+      query = URI.parse(url).query
+      if query
+        CGI.parse(query).try(:[], "referer")&.first
+      else
+        url
+      end
+    end
+
     before_action do
       Rack::MiniProfiler.authorize_request if current_user&.admin?
     end

diff --git a/spec/requests/application_spec.rb b/spec/requests/application_spec.rb
@@ -60,6 +60,18 @@
           get '/users/sign_in/'
           expect(response).to redirect_to('/bookmarks')
         end
+        context 'if the origin is the account/digitization_requests page' do
+          around do |example|
+            Rails.application.env_config["omniauth.origin"] = '/users/sign_in?referer=%2Faccount%2Fdigitization_requests'
+            example.run
+            Rails.application.env_config.except!("omniauth.origin")
+          end
+
+          it 'sends the user back to the account/digitization_requests page' do
+            get '/users/sign_in'
+            expect(response).to redirect_to('/account/digitization_requests')
+          end
+        end
       end
       # rubocop:disable RSpec/AnyInstance
       context 'only with devise stored_location_for' do