BookStack icon indicating copy to clipboard operation
BookStack copied to clipboard
verified publisher icon BookStackApp

[Feature Request]: Allow the use of login URL query param that dictates route post login

Open cod3monk opened this issue 3 years ago • 5 comments

Describe the feature you'd like

When a guest (not logged in user) requests a forbidden create-page action, offer the user to authenticate and continue with the page creation according to the original request.

Describe the benefits this feature would bring to BookStack users

Currently, the user is redirected to the main page and presented with an error message. The only reasonable way to proceed from here would be to login and reopen the original link, or to login and then manually navigate to the appropriate location in the wiki and click on create.

Additional context

I want to pass a create-page link to a large crowd (of mostly non-techs) that will allow them to quickly create a page within a certain book. Having to explain them where specifically they are supposed to create the page and that they will have to login first, makes this process more tedious for everyone.

cod3monk avatar Jan 31 '22 12:01 cod3monk

Thank you for the request @cod3monk.

In terms of the exact implementation you have requested, I don't see this as something suitable for addition with BookStack. Although we could redirect them to the login page, we don't have a way to know if they'd have permission after they logged in. This could result in a permission error redirecting to the login page, only for the user to login and see they still don't have permission.

I understand your use-case though. I think it may work if we added something more generic to work for a wider set of potential use-cases, while being easier to implement/maintain. Would the following sound sufficient?:

  • Addition of a redirect parameter to he login URL.
  • On successful login, or if already logged in, the user would be redirected to the given redirect path.
  • The link you may share would look something like this:
    • https://demo.bookstackapp.com/login?redirect=/books/dummy-content-book/create-page
  • We'd have to ensure only paths leading within the instance can be provided (So no full URLs, leading to other domains) to prevent any open redirects as a security concern.

ssddanbrown avatar Feb 08 '22 17:02 ssddanbrown

That would work for me.

cod3monk avatar Feb 08 '22 19:02 cod3monk

Awesome, Will re-focus the title of this issue.

ssddanbrown avatar Feb 08 '22 20:02 ssddanbrown

This feature would be awesome even just for page viewing (non-action based URLs).

We run into the issue a lot since the Bookstack session isn't tied to our own custom Company user session, and so "Logging into our company" doesn't carry over to Bookstack. And since most of our users "live" in Slack, most of them navigate to Bookstack through a link that takes them to a specific page -- but alas, they never make it to that page post-login.

Edit: Although it sounds like Dan Brown's solution would require us to update All Links we save to look like https://demo.bookstackapp.com/login?redirect=/... which would be be tedious and error-prone

Edit 2:

This could result in a permission error redirecting to the login page, only for the user to login and see they still don't have permission.

I think that's exactly how Link Redirect to LoginPage With Redirect is supposed to work and works on other platforms.

What makes you say that this is "[not] suitable for addition with BookStack"?

benz2012 avatar May 18 '22 16:05 benz2012