Skip to content

Fix registration invite links losing token on external redirect#3215

Merged
gantoine merged 3 commits intomasterfrom
copilot/fix-registration-link-redirects
Apr 3, 2026
Merged

Fix registration invite links losing token on external redirect#3215
gantoine merged 3 commits intomasterfrom
copilot/fix-registration-link-redirects

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 3, 2026
edited
Loading

Invite links (/register?token=###) consistently redirect to /login?next=/register when accessed externally, stripping the token and making registration impossible.

Root cause: Two places constructed the next redirect value using only the URL path, dropping query params:

  • 403 interceptor (services/api/index.ts): when an API call (e.g. fetchCurrentUser()) returns 403 due to CSRF/session issues through a reverse proxy, the redirect to login only captured window.location.pathname, not the full URL with search params
  • Router navigation guard (plugins/router.ts): unauthenticated route redirects used to.path instead of to.fullPath

Changes:

  • frontend/src/services/api/index.ts: use pathname + search as the next value so query params are preserved
// Before
next: params.get("next") ?? (pathname !== "/login" ? pathname : "/"),

// After
const fullPath = pathname + search;
next: params.get("next") ?? (pathname !== "/login" ? fullPath : "/"),
  • frontend/src/plugins/router.ts: replace to.path with to.fullPath in the auth redirect guard so any query params on protected routes are also preserved through login

Copilot AI linked an issue Apr 3, 2026 that may be closed by this pull request
[Bug] Registration Links Redirect to Login Page Externally, Work Fine Internally #3197
Closed
Copilot AI changed the title [WIP] Fix registration links redirecting to login page externally Fix registration invite links losing token on external redirect Apr 3, 2026
Copilot AI requested a review from gantoine April 3, 2026 17:25
@gantoine gantoine marked this pull request as ready for review April 3, 2026 18:01
Copilot AI review requested due to automatic review settings April 3, 2026 18:01
Copilot AI reviewed Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes invite/registration flows where redirects to /login were dropping query parameters (notably /register?token=...) by ensuring the next parameter preserves the full path including the query string.

Changes:

  • Preserve query params when building the next redirect value in the API 403 interceptor.
  • Preserve query params when building the next redirect value in the router auth navigation guard.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

File Description
frontend/src/services/api/index.ts Uses pathname + search for next so query params (e.g., invite tokens) survive login redirects triggered by 403 handling.
frontend/src/plugins/router.ts Uses to.fullPath for next so protected-route redirects keep the original query params through login.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@gantoine gantoine merged commit f90d5d5 into master Apr 3, 2026
9 checks passed
@gantoine gantoine deleted the copilot/fix-registration-link-redirects branch April 3, 2026 18:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

+1 more reviewer

@gantoine gantoine gantoine approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@gantoine gantoine

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[Bug] Registration Links Redirect to Login Page Externally, Work Fine Internally

3 participants

@gantoine