refactor: review comments

supertokens · Apr 15, 2024 · a359b4e · a359b4e
1 parent f3a42ff
commit a359b4e
Show file tree

Hide file tree

Showing 9 changed files with 47 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,7 +7,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [unreleased]
 
-## [0.39.2] - 2024-04-10
+## [0.40.0] - 2024-04-15
 
 ### Changes
 

diff --git a/lib/build/genericComponentOverrideContext.js b/lib/build/genericComponentOverrideContext.js
diff --git a/lib/build/multifactorauth-shared.js b/lib/build/multifactorauth-shared.js
diff --git a/lib/build/version.d.ts b/lib/build/version.d.ts
diff --git a/lib/ts/recipe/session/utils.ts b/lib/ts/recipe/session/utils.ts
@@ -101,6 +101,11 @@ export function compareRedirectionURLToCurrentURL(redirectURL: string): boolean
         // if the url is a full, valid url, we can use that
         fullRedirectURL = redirectURL;
     } catch {
+        // If we get here, we know it's not full url
+        // We check if it's an absolute path, because if it's not we know the redirection should always result in a new URL
+        if (!redirectURL.startsWith("/")) {
+            return false;
+        }
         const appInfo = SuperTokens.getInstanceOrThrow().appInfo;
         // otherwise we prepend the websiteDomain
         fullRedirectURL = `${appInfo.websiteDomain.getAsStringDangerous()}${redirectURL}`;

diff --git a/lib/ts/version.ts b/lib/ts/version.ts
@@ -12,4 +12,4 @@
  * License for the specific language governing permissions and limitations
  * under the License.
  */
-export const package_version = "0.39.2";
+export const package_version = "0.40.0";
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "supertokens-auth-react",
-    "version": "0.39.2",
+    "version": "0.40.0",
     "description": "ReactJS SDK that provides login functionality with SuperTokens.",
     "main": "./index.js",
     "engines": {

diff --git a/test/end-to-end/signin-rrdv6.test.js b/test/end-to-end/signin-rrdv6.test.js
@@ -608,6 +608,36 @@ describe("SuperTokens SignIn with react router dom v6", function () {
             ]);
         });
 
+        it("Should redirect to onFailureRedirections result if it's a relative path", async function () {
+            await Promise.all([
+                page.goto(
+                    `${TEST_CLIENT_BASE_URL}/auth?redirectToPath=${encodeURIComponent("/dashboard?test=value#asdf")}`
+                ),
+                page.waitForNavigation({ waitUntil: "networkidle0" }),
+            ]);
+
+            // Set correct values.
+            await setInputValues(page, [
+                { name: "email", value: "[email protected]" },
+                { name: "password", value: "Str0ngP@ssw0rd" },
+            ]);
+            await Promise.all([
+                submitFormReturnRequestAndResponse(page, SIGN_IN_API),
+                page.waitForNavigation({ waitUntil: "networkidle0" }),
+            ]);
+
+            await page.evaluate(() => {
+                const validator = window.UserRoleClaim.validators.includes("admin");
+                validator.onFailureRedirection = () => "second-factor";
+                window.setClaimValidators([validator]);
+            });
+
+            await page.waitForNavigation({ waitUntil: "networkidle0" });
+
+            let href = await page.evaluate(() => window.location.pathname);
+            assert.strictEqual(href, "/dashboard/second-factor");
+        });
+
         it("Should redirect to onFailureRedirections result if it's on another domain", async function () {
             await Promise.all([
                 page.goto(`${TEST_CLIENT_BASE_URL}/auth`),