From e98e5a0d2f8d6d319c661ed79ca89780e9a2294f Mon Sep 17 00:00:00 2001 From: kolaente Date: Wed, 20 Dec 2023 13:23:02 +0100 Subject: [PATCH] fix(openid): use the full path when building the redirect url, not only the host Resolves https://kolaente.dev/vikunja/api/issues/1661 --- src/helpers/redirectToProvider.ts | 11 +++-------- src/stores/auth.ts | 2 +- 2 files changed, 4 insertions(+), 9 deletions(-) diff --git a/src/helpers/redirectToProvider.ts b/src/helpers/redirectToProvider.ts index c1124df93..2df546d51 100644 --- a/src/helpers/redirectToProvider.ts +++ b/src/helpers/redirectToProvider.ts @@ -1,16 +1,11 @@ -import {parseURL} from 'ufo' - import {createRandomID} from '@/helpers/randomId' import type {IProvider} from '@/types/IProvider' -export const redirectToProvider = (provider: IProvider, redirectUrl = '') => { +export const redirectToProvider = (provider: IProvider) => { // We're not using the redirect url provided by the server to allow redirects when using the electron app. // The implications are not quite clear yet hence the logic to pass in another redirect url still exists. - if (redirectUrl === '') { - const {host, protocol} = parseURL(window.location.href) - redirectUrl = `${protocol}//${host}/auth/openid/` - } + const redirectUrl = `${window.location.href.replace('/login', '')}/auth/openid/` const state = createRandomID(24) localStorage.setItem('state', state) @@ -18,7 +13,7 @@ export const redirectToProvider = (provider: IProvider, redirectUrl = '') => { window.location.href = `${provider.authUrl}?client_id=${provider.clientId}&redirect_uri=${redirectUrl}${provider.key}&response_type=code&scope=openid email profile&state=${state}` } export const redirectToProviderOnLogout = (provider: IProvider) => { - if (provider.logoutUrl.length > 0){ + if (provider.logoutUrl.length > 0) { window.location.href = `${provider.logoutUrl}` } } diff --git a/src/stores/auth.ts b/src/stores/auth.ts index 663920d12..b6f2ede70 100644 --- a/src/stores/auth.ts 
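Review bot: `window.location.href` carries the query string and fragment, so the new `redirectUrl` line in `redirectToProvider` appends `/auth/openid/` after them. The caller in `src/stores/auth.ts` only runs when the search contains `redirectToProvider=true`, which would produce a `redirect_uri` like `…/login?redirectToProvider=true/auth/openid/`; an identity provider that matches redirect URIs exactly would presumably reject it. `replace('/login', '')` also strips the first `/login` anywhere in the URL rather than a trailing path segment, and a path ending in `/` yields `//auth/openid/`. Building from origin and pathname avoids all three: `const base = window.location.pathname.replace(/\/login\/?$/, '').replace(/\/$/, '')` followed by `const redirectUrl = window.location.origin + base + '/auth/openid/'`. The value is still interpolated unencoded on the unchanged `window.location.href = …` line, so passing `encodeURIComponent(redirectUrl + provider.key)` as `redirect_uri` would stop characters from the current URL being parsed as extra authorization-request parameters.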
+++ b/src/stores/auth.ts @@ -27,7 +27,7 @@ function redirectToProviderIfNothingElseIsEnabled() { (window.location.pathname.startsWith('/login') || window.location.pathname === '/') && // Kinda hacky, but prevents an endless loop. window.location.search.includes('redirectToProvider=true') ) { - redirectToProvider(auth.openidConnect.providers[0], auth.openidConnect.redirectUrl) + redirectToProvider(auth.openidConnect.providers[0]) } }
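Review bot: After this call-site change the server-supplied `auth.openidConnect.redirectUrl` no longer reaches `redirectToProvider`, so the callback URL is derived entirely from the browser's current location. An operator who set that value expecting it to pin the callback gets no effect; whether it is still read elsewhere is not visible here. The comment kept in `src/helpers/redirectToProvider.ts` ("the logic to pass in another redirect url still exists") is now stale. A comment at this call would record the intent, for example `// redirect_uri is built from window.location inside redirectToProvider; the server-provided redirectUrl is intentionally not used`. The body of `redirectToProviderIfNothingElseIsEnabled` starts outside this hunk, so any guard on `providers[0]` cannot be checked from here.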