Merge pull request #95 from auth0/fix-returnTo

Fix returnTo on Login
auth0 · May 4, 2020 · dda2d3f · dda2d3f
2 parents 172ee8c + 67daff1
commit dda2d3f
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 2 deletions.
diff --git a/lib/context.js b/lib/context.js
@@ -55,10 +55,17 @@ class ResponseContext {
     const config = this._config;
     const client = req.openid.client;
 
-    // Set default returnTo value, allow passed-in options to override.
+    // Set default returnTo value, allow passed-in options to override or use originalUrl on GET
+    let returnTo = this._config.baseURL;
+    if (options.returnTo) {
+      returnTo = options.returnTo;
+    } else if (req.method === 'GET' && req.originalUrl) {
+      returnTo = req.originalUrl;
+    }
+
     options = {
-      returnTo: this._config.baseURL,
       authorizationParams: {},
+      returnTo,
       ...options
     };
 

diff --git a/test/requiresAuth.tests.js b/test/requiresAuth.tests.js
@@ -30,6 +30,12 @@ describe('requiresAuth middleware', function() {
     it('should contain a location header to the issuer', function() {
       assert.include(response.headers.location, 'https://test.auth0.com');
     });
+    it('should contain a location header with state containing return url', function() {
+      const state = (new URL(response.headers.location)).searchParams.get('state');
+      const decoded = Buffer.from(state, 'base64');
+      const parsed = JSON.parse(decoded);
+      assert.equal(parsed.returnTo, '/protected');
+    });
   });
 
   describe('when removing the auth middleware', function() {