fix: OPTIC-1472: Next parameter isn't being set on /user/login after failed auth (#6813)

mcanu · web-flow · commit 51fc1b0d5048 · 2025-01-06T11:08:00.000-05:00
Co-authored-by: mcanu &lt;mcanu@users.noreply.github.com&gt;
diff --git a/label_studio/core/settings/base.py b/label_studio/core/settings/base.py
@@ -526,7 +526,7 @@
 PROJECT_TITLE_MIN_LEN = 3
 PROJECT_TITLE_MAX_LEN = 50
 LOGIN_REDIRECT_URL = '/'
-LOGIN_URL = '/'
+LOGIN_URL = '/user/login/'
 MIN_GROUND_TRUTH = 10
 DATA_UNDEFINED_NAME = '$undefined$'
 LICENSE = {}
diff --git a/label_studio/users/templates/users/new-ui/user_login.html b/label_studio/users/templates/users/new-ui/user_login.html
@@ -3,7 +3,7 @@
 {% block user_content %}
   <div class="form-wrapper">
     <h2>Log in</h2>
-    <form id="login-form" action="{% url 'user-login' %}{% if next %}?next={{ next }}{% endif %}" method="post">
+    <form id="login-form" action="{% url 'user-login' %}?next={{ next }}" method="post">
       {% csrf_token %}
       <div class="input-wrapper">
         <label>Email Address</label>
@@ -30,7 +30,7 @@ <h2>Log in</h2>
   {% if not settings.DISABLE_SIGNUP_WITHOUT_LINK %}
   <div class="text-wrapper">
     <p class="">Don't have an account?</p>
-    <a href="{{ settings.HOSTNAME }}/user/signup">Sign up</a>
+    <a href="{% url 'user-signup' %}{% querystring %}">Sign up</a>
   </div>
   {% endif %}
 {% endblock %}
diff --git a/label_studio/users/templates/users/new-ui/user_signup.html b/label_studio/users/templates/users/new-ui/user_signup.html
@@ -5,7 +5,7 @@
   <div class="form-wrapper">
     <h2>Sign Up</h2>
     <form id="signup-form"
-        action="{% url 'user-signup' %}?{% if next %}&next={{ next }}{% endif %}{% if token %}&token={{ token }}{% endif %}"
+        action="{% url 'user-signup' %}?next={{ next }}{% if token %}&token={{ token }}{% endif %}"
         method="post"
     >
     {% csrf_token %}
@@ -69,7 +69,7 @@ <h2>Sign Up</h2>
   </div>
   <div class="text-wrapper">
     <p class="">Already have an account?</p>
-    <a href="{{ settings.HOSTNAME }}/user/login">Log in</a>
+    <a href="{% url 'user-login' %}{% querystring %}">Log in</a>
   </div>
   <script>
     document.querySelector("#how_find_us").addEventListener('change', function(e) {
diff --git a/label_studio/users/templates/users/user_login.html b/label_studio/users/templates/users/user_login.html
@@ -1,7 +1,7 @@
 {% extends 'users/user_base.html' %}
 
 {% block user_content %}
-  <form id="login-form" action="{% url 'user-login' %}{% if next %}?next={{ next }}{% endif %}" method="post">
+  <form id="login-form" action="{% url 'user-login' %}?next={{ next }}" method="post">
     {% csrf_token %}
     <p><input type="text" class="lsf-input-ls" name="email" id="email" placeholder="Email" value="{{ form.data.email }}"></p>
     <p><input type="password" class="lsf-input-ls" name="password" id="password" placeholder="Password"></p>
diff --git a/label_studio/users/templates/users/user_signup.html b/label_studio/users/templates/users/user_signup.html
@@ -4,7 +4,7 @@
 {% block user_content %}
 
   <form id="signup-form"
-        action="{% url 'user-signup' %}?{% if next %}&next={{ next }}{% endif %}{% if token %}&token={{ token }}{% endif %}"
+        action="{% url 'user-signup' %}?next={{ next }}{% if token %}&token={{ token }}{% endif %}"
         method="post"
   >
     {% csrf_token %}
diff --git a/label_studio/users/views.py b/label_studio/users/views.py
@@ -1,6 +1,7 @@
 """This file and its contents are licensed under the Apache License 2.0. Please see the included NOTICE for copyright information and LICENSE for a copy of the license.
 """
 import logging
+from urllib.parse import quote
 
 from core.feature_flags import flag_set
 from core.middleware import enforce_csrf_checks
@@ -73,7 +74,7 @@ def user_signup(request):
             {
                 'user_form': user_form,
                 'organization_form': organization_form,
-                'next': next_page,
+                'next': quote(next_page),
                 'token': token,
                 'found_us_options': forms.FOUND_US_OPTIONS,
                 'elaborate': forms.FOUND_US_ELABORATE,
@@ -86,7 +87,7 @@ def user_signup(request):
         {
             'user_form': user_form,
             'organization_form': organization_form,
-            'next': next_page,
+            'next': quote(next_page),
             'token': token,
         },
     )
@@ -125,9 +126,9 @@ def user_login(request):
             return redirect(next_page)
 
     if flag_set('fflag_feat_front_lsdv_e_297_increase_oss_to_enterprise_adoption_short'):
-        return render(request, 'users/new-ui/user_login.html', {'form': form, 'next': next_page})
+        return render(request, 'users/new-ui/user_login.html', {'form': form, 'next': quote(next_page)})
 
-    return render(request, 'users/user_login.html', {'form': form, 'next': next_page})
+    return render(request, 'users/user_login.html', {'form': form, 'next': quote(next_page)})
 
 
 @login_required

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@`
`4`	`4`	`{% block user_content %}`
`5`	`5`
`6`	`6`	`<form id="signup-form"`
`7`		`- action="{% url 'user-signup' %}?{% if next %}&next={{ next }}{% endif %}{% if token %}&token={{ token }}{% endif %}"`
	`7`	`+ action="{% url 'user-signup' %}?next={{ next }}{% if token %}&token={{ token }}{% endif %}"`
`8`	`8`	`method="post"`
`9`	`9`	`>`
`10`	`10`	`{% csrf_token %}`