From b80b586d65b1fc9aa7611ee0660b5a47b4e168a3 Mon Sep 17 00:00:00 2001
From: Benedikt Kulmann <benedikt@kulmann.biz>
Date: Fri, 28 Apr 2023 00:43:34 +0200
Subject: [PATCH] fix: infinite login redirect loop

---
 changelog/unreleased/bugfix-infinite-login-redirect   | 8 ++++++++
 packages/web-runtime/src/services/auth/authService.ts | 5 +++++
 2 files changed, 13 insertions(+)
 create mode 100644 changelog/unreleased/bugfix-infinite-login-redirect

diff --git a/changelog/unreleased/bugfix-infinite-login-redirect b/changelog/unreleased/bugfix-infinite-login-redirect
new file mode 100644
index 00000000000..b05c4b86683
--- /dev/null
+++ b/changelog/unreleased/bugfix-infinite-login-redirect
@@ -0,0 +1,8 @@
+Bugfix: Infinite login redirect
+
+We've fixed a bug where a user would fall into an infinite redirect between login and accessDenied page if a) the user had valid IdP credentials but was not permitted in ocis, b) the user has authenticated successfully but then got deleted in the meantime.
+
+https://github.com/owncloud/web/issues/8928
+https://github.com/owncloud/web/issues/7354
+https://github.com/owncloud/web/issues/4677
+https://github.com/owncloud/web/pull/8947
diff --git a/packages/web-runtime/src/services/auth/authService.ts b/packages/web-runtime/src/services/auth/authService.ts
index 0bffd74570f..48db9255374 100644
--- a/packages/web-runtime/src/services/auth/authService.ts
+++ b/packages/web-runtime/src/services/auth/authService.ts
@@ -219,7 +219,12 @@ export class AuthService {
     }
     if (isUserContext(this.router, route)) {
       await this.userManager.removeUser('authError')
+      return
     }
+    // authGuard is taking care of redirecting the user to the
+    // accessDenied page if hasAuthErrorOccurred is set to true
+    // we can't push the route ourselves, see authGuard for details.
+    this.hasAuthErrorOccurred = true
   }
 
   public async resolvePublicLink(token: string, passwordRequired: boolean, password: string) {