registration icon indicating copy to clipboard operation
registration copied to clipboard

Published 20 hours ago verified publisher icon nextcloud

Preserve redirect_url during registration

Open TheOneWithTheBraid opened this issue 3 years ago • 1 comments

Steps to reproduce

  1. We use a Nextcloud app giving access to public ressources with invite links while requiring registration / login.
  2. Users can get the link e.g. by a QR code
    • If the users log in, it's fine, they are being redirected to the correct app and ressource
    • If the users press the reqistration button on the login-screen, the redirect_url gets lost

Expected behaviour

We are looking for a way to preserver redirect_url from the login screen for the registration process.

Actual behaviour

redirect_url is simply removed by anchor elements.

Possible implementation

1. Use as URI parameter as in login

In our use case, we do not verify Emails (waiting for #301 to fully get rid of it) and users are redirected to the dashboard immediately after their registration.
If would be easy to add the current page's return_url to the href of the big Registration-button on the login screen and preserving it on every next navigation. At the last registration step, the redirect_url might be read and in case it's present, redirect the just registered user to.

2. Store as local property

Pressing the Registarion-button on the login-screen might trigger the frontend to save the redirect_url in local storage. In this case, the newly opened tab from the registration verification link can know the proper redirect_url too.

3. Store it (No!)

I do not like this option for privacy reasons and would not recommend to implement it but for transparency, I tell it anyway: The redirect_url could be stored on the server to support redirect even in case you open the verification link on another device. This would be an immense privacy hole.

Server configuration

Really doesn't matter. It's a feature request and not a bug.

TheOneWithTheBraid avatar Jun 17 '21 05:06 TheOneWithTheBraid

Neat idea.

1. is a bit fragile with email confirmation, as I wouldn't want to have the redirect sent via email, but that would mean you loose the redirect when you click the link in the email and if you mistype your email someone has a sharelink at hand or so. So we would need to use 2. or we accept the "if you click the link instead of copy the code you loose it" penalty

nickvergessen avatar Jun 17 '21 06:06 nickvergessen