From 2510483815eabec543b66076d0cb118de7bca66e Mon Sep 17 00:00:00 2001
From: Mart van Santen <mart@greenhost.nl>
Date: Thu, 18 Nov 2021 10:14:29 +0100
Subject: [PATCH] Keep auth flow when logging in.

---
 login/app.py                     | 28 ++++++++++++++++++----------
 login/static/base.js             | 10 +++++-----
 login/static/js/js.cookie.min.js |  2 ++
 3 files changed, 25 insertions(+), 15 deletions(-)
 create mode 100644 login/static/js/js.cookie.min.js

diff --git a/login/app.py b/login/app.py
index 59c1a9f..aa4adf9 100644
--- a/login/app.py
+++ b/login/app.py
@@ -333,17 +333,11 @@ def login():
             api_url = app.config["KRATOS_PUBLIC_URL"],
             id = id)
 
-    # 
     flow = request.args.get("flow")
-    return_to =  request.args.get("return_to")
-    if not flow:
-
-        if return_to:
-            arg = "?return_to=" + urllib.parse.quote_plus(return_to)
-        else:
-            arg = ""
+    auth =  request.args.get("auth")
 
-        return redirect(app.config["KRATOS_PUBLIC_URL"] + "self-service/login/browser" + arg)
+    if not flow:
+        return redirect(app.config["KRATOS_PUBLIC_URL"] + "self-service/login/browser")
 
     return render_template(
         'login.html',
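Review bot: The added `auth =  request.args.get("auth")` reads a query parameter that nothing visible in this hunk uses, while the second hunk of this file stops sending `login?auth=...` and switches to cookies. If the `render_template` call that continues past the hunk does not consume it, the line can be dropped. If it does, the value is caller-controlled and should be compared against the application's own `PUBLIC_URL` before a template or script treats it as a redirect target. login() starts and ends outside the hunk, so this cannot be confirmed from here.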
@@ -373,10 +367,24 @@ def auth():
     id = getid()
 
 
+    # If the user is not logged in yet, we redirect to the login page
+    # but before we do taht, we set the "flow_state" cookie to auth.
+    # so the UI know it has to redirect after successful login.
+    # The redirect URL is back to this page (auth) with the same challenge.
+    # so we can pickup the flow where we left off
     if not id:
         url = app.config["PUBLIC_URL"] + "/auth?login_challenge=" + challenge;
         url = urllib.parse.quote_plus(url)
-        return redirect("login?auth=" +url)
+
+        app.logger.info("Redirecting to login. Setting flow_state cookies")
+        app.logger.info("auth_url: " + url)
+
+        response = redirect("login")
+        response.set_cookie('flow_state', 'auth')
+        response.set_cookie('auth_url', url)
+        return response
+
+#        return redirect("login?auth=" +url)
 
 
 
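Review bot: The two `response.set_cookie(...)` calls set no `secure`, `samesite`, `max_age` or `path`, and `auth_url` carries the login challenge that base.js later navigates to. The script has to read both cookies, so `httponly` is not an option; where the app is served over HTTPS, tighten the rest, e.g. `response.set_cookie('auth_url', url, secure=True, samesite='Lax', max_age=600)` (the lifetime is a constructed example) and the same for `flow_state`. `app.logger.info("auth_url: " + url)` also writes the challenge into the info log; logging only that the redirect happened would avoid that. The commented-out `#        return redirect("login?auth=" +url)` is better deleted than kept. auth() continues outside the hunk.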
diff --git a/login/static/base.js b/login/static/base.js
index 0885d23..a2faacc 100644
--- a/login/static/base.js
+++ b/login/static/base.js
@@ -15,12 +15,12 @@ $.urlParam = function(name) {
 
 function flow_login_auth() {
         state = Cookies.get('flow_state');
-        url = Cookies.set('auth_url');
-        console.log(state);
-        console.log(url);
-
-
+        url = Cookies.get('auth_url');
 
+        if (state == 'auth') {
+            Cookies.set('flow_state','');
+            window.location.href = url;
+        }
 }
 
 function flow_login() {
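Review bot: `window.location.href = url` in `flow_login_auth` navigates to whatever the `auth_url` cookie holds, and that cookie is writable by any script on the page and, depending on the cookie scope, by sibling hosts, so the target should be checked before it is followed. The sketch below assumes the login page and `PUBLIC_URL` share an origin; if they do not, compare against the configured public origin instead. It also guards against a missing cookie and clears both cookies with `Cookies.remove` (exported by the js-cookie file added in this commit), where `Cookies.set('flow_state','')` leaves an empty cookie and `auth_url` behind. `state` and `url` are assigned without a declaration and become globals; `var` keeps them local.

```javascript
function flow_login_auth() {
        var state = Cookies.get('flow_state');
        var url = Cookies.get('auth_url');

        if (state == 'auth' && url) {
            Cookies.remove('flow_state');
            Cookies.remove('auth_url');

            // The cookie is client-writable: only follow same-origin targets.
            var target = new URL(url, window.location.origin);
            if (target.origin === window.location.origin) {
                window.location.href = target.href;
            }
        }
}
```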
diff --git a/login/static/js/js.cookie.min.js b/login/static/js/js.cookie.min.js
new file mode 100644
index 0000000..90a7672
--- /dev/null
+++ b/login/static/js/js.cookie.min.js
@@ -0,0 +1,2 @@
+/*! js-cookie v3.0.1 | MIT */
+!function(e,t){"object"==typeof exports&&"undefined"!=typeof module?module.exports=t():"function"==typeof define&&define.amd?define(t):(e=e||self,function(){var n=e.Cookies,o=e.Cookies=t();o.noConflict=function(){return e.Cookies=n,o}}())}(this,(function(){"use strict";function e(e){for(var t=1;t<arguments.length;t++){var n=arguments[t];for(var o in n)e[o]=n[o]}return e}return function t(n,o){function r(t,r,i){if("undefined"!=typeof document){"number"==typeof(i=e({},o,i)).expires&&(i.expires=new Date(Date.now()+864e5*i.expires)),i.expires&&(i.expires=i.expires.toUTCString()),t=encodeURIComponent(t).replace(/%(2[346B]|5E|60|7C)/g,decodeURIComponent).replace(/[()]/g,escape);var c="";for(var u in i)i[u]&&(c+="; "+u,!0!==i[u]&&(c+="="+i[u].split(";")[0]));return document.cookie=t+"="+n.write(r,t)+c}}return Object.create({set:r,get:function(e){if("undefined"!=typeof document&&(!arguments.length||e)){for(var t=document.cookie?document.cookie.split("; "):[],o={},r=0;r<t.length;r++){var i=t[r].split("="),c=i.slice(1).join("=");try{var u=decodeURIComponent(i[0]);if(o[u]=n.read(c,u),e===u)break}catch(e){}}return e?o[e]:o}},remove:function(t,n){r(t,"",e({},n,{expires:-1}))},withAttributes:function(n){return t(this.converter,e({},this.attributes,n))},withConverter:function(n){return t(e({},this.converter,n),this.attributes)}},{attributes:{value:Object.freeze(o)},converter:{value:Object.freeze(n)}})}({read:function(e){return'"'===e[0]&&(e=e.slice(1,-1)),e.replace(/(%[\dA-F]{2})+/gi,decodeURIComponent)},write:function(e){return encodeURIComponent(e).replace(/%(2[346BF]|3[AC-F]|40|5[BDE]|60|7[BCD])/g,decodeURIComponent)}},{path:"/"})}));
-- 
GitLab