Parse referrer from omniauth.origin if present

pulibrary · Jan 23, 2025 · 855bb77 · 855bb77
1 parent d84cdf3
commit 855bb77
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 2 deletions.
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
@@ -21,7 +21,6 @@ def after_sign_in_path_for(resource)
     Rails.logger.info("DEBUG LOGIN: Referrer: #{referrer}")
     Rails.logger.info("DEBUG LOGIN: Origin: #{origin}")
     Rails.logger.info("DEBUG LOGIN: request.env['omniauth.origin']: #{request.env['omniauth.origin']}")
-
     if referrer.present? && (referrer.exclude?("sign_in") && !origin&.include?("redirect-to-alma"))
       Rails.logger.info("DEBUG LOGIN: Sending to referrer: #{referrer}")
       referrer
@@ -33,7 +32,7 @@ def after_sign_in_path_for(resource)
     elsif !request.env['omniauth.origin'].nil? &&
           /request|borrow-direct|email|bookmarks|search_history|redirect-to-alma/.match(request.env['omniauth.origin'])
       Rails.logger.info("DEBUG LOGIN: Sending to request.env['omniauth.origin']: #{request.env['omniauth.origin']}")
-      request.env['omniauth.origin']
+      referrer_from_url(request.env['omniauth.origin'])
     elsif stored_location.present?
       Rails.logger.info("DEBUG LOGIN: Sending to stored_location: #{stored_location}")
       stored_location
@@ -77,6 +76,15 @@ def verify_admin!
       head :forbidden unless current_user.admin?
     end
 
+    def referrer_from_url(url)
+      query = URI.parse(url).query
+      if query
+        CGI.parse(query).try(:[], "referer")&.first
+      else
+        url
+      end
+    end
+
     before_action do
       Rack::MiniProfiler.authorize_request if current_user&.admin?
     end

diff --git a/spec/requests/application_spec.rb b/spec/requests/application_spec.rb
@@ -60,6 +60,18 @@
           get '/users/sign_in/'
           expect(response).to redirect_to('/bookmarks')
         end
+        context 'if the origin is the account/digitization_requests page' do
+          around do |example|
+            Rails.application.env_config["omniauth.origin"] = '/users/sign_in?referer=%2Faccount%2Fdigitization_requests'
+            example.run
+            Rails.application.env_config.except!("omniauth.origin")
+          end
+
+          it 'sends the user back to the account/digitization_requests page' do
+            get '/users/sign_in'
+            expect(response).to redirect_to('/account/digitization_requests')
+          end
+        end
       end
       # rubocop:disable RSpec/AnyInstance
       context 'only with devise stored_location_for' do