Redirect to root after login if no path provided

If we do not do this, then people that login from /login will just be redirected back to the login page. We'd rather have them see the root path.
2024-11-26 10:50:26 -06:00 · 2013-06-04 15:34:54 -07:00 · 2013-06-04 15:34:54 -07:00 · 978785720a
commit 978785720a
parent 92a4828f72
2 changed files with 30 additions and 3 deletions
--- a/app/controllers/static_controller.rb
+++ b/app/controllers/static_controller.rb
@ -30,8 +30,13 @@ class StaticController < ApplicationController
  def enter
    params.delete(:username)
    params.delete(:password)
-    redirect_to(params[:redirect] || '/')
+
+    redirect_to(
+      if params[:redirect].blank? || params[:redirect].match(login_path)
+        root_path
+      else
+        params[:redirect]
+      end
+    )
  end
-
-
 end
--- a/spec/controllers/static_controller_spec.rb
+++ b/spec/controllers/static_controller_spec.rb
@ -24,4 +24,26 @@ describe StaticController do
    end
  end

+  describe '#enter' do
+    context 'without a redirect path' do
+      it 'redirects to the root url' do
+        xhr :post, :enter
+        expect(response).to redirect_to root_path
+      end
+    end
+
+    context 'with a redirect path' do
+      it 'redirects to the redirect path' do
+        xhr :post, :enter, redirect: '/foo'
+        expect(response).to redirect_to '/foo'
+      end
+    end
+
+    context 'when the redirect path is the login page' do
+      it 'redirects to the root url' do
+        xhr :post, :enter, redirect: login_path
+        expect(response).to redirect_to root_path
+      end
+    end
+  end
 end