Skip to content

Fix redirect logic for pages that require authentication

Grigor Malo requested to merge authentication-fix into master

Bug description:

  1. let the user be logged in
  2. the user hits refresh on a private page (that requires authentication), or arrives at it by url - so no global state has been loaded
  3. the check for verified identity redirects the user to the identity verification page, which defaults to /ensure-verified-login
  4. Global currentUser is loaded and identity verification page the verified status of currentUser and redirects to a default page (/)
  5. Result: the user was arbitrarily redirected to a page he didn't request, e.g. user may hit refresh on his profile page, and is redirected to the homepage

Fix:

  • do not perform identity verification check unless currentUser has been loaded

Merge request reports