From 8ea3e70c979851f43ef2a9008063f85595b8f184 Mon Sep 17 00:00:00 2001
From: lilly
Date: Tue, 5 May 2026 19:21:42 +0200
Subject: [PATCH] redirect the user to a proper url after login
---
api/src/dooris_api/app.py | 16 +++++++++++-----
1 file changed, 11 insertions(+), 5 deletions(-)
diff --git a/api/src/dooris_api/app.py b/api/src/dooris_api/app.py
index 584e5f9..2f4c620 100644
--- a/api/src/dooris_api/app.py
+++ b/api/src/dooris_api/app.py
@@ -39,7 +39,7 @@ app = FastAPI(
)
-@app.get("/api/user-info/")
+@app.get("/api/user-info/", name="get-user-info")
async def get_user_info(req: Request, current_user: deps.CurrentUser) -> UserStatus:
if current_user is None:
return UserStatus(is_logged_in=False, user_info=None)
@@ -54,6 +54,8 @@ async def get_user_info(req: Request, current_user: deps.CurrentUser) -> UserSta
@app.get("/auth/login", response_class=RedirectResponse, status_code=302)
async def login_init(req: Request, resp: Response, oidc_client: deps.OpenidClient, next: Optional[str] = "") -> str:
+ logger.debug("starting user authentication with upstream identity provider")
+
# save the ?next url for later redirection if the user requested that
if next:
resp.set_cookie("auth_next", next, max_age=60 * 10, httponly=True, secure=True)
@@ -74,12 +76,13 @@ async def login_init(req: Request, resp: Response, oidc_client: deps.OpenidClien
return oidc_client.authorization_code_flow.start_authentication(state=state, nonce=nonce)
-@app.get("/auth/login-callback")
+@app.get("/auth/login-callback", response_class=RedirectResponse, status_code=302)
async def login_callback(req: Request, resp: Response, oidc_client: deps.OpenidClient):
# check that the user is currently in an authenticating state
# these cookies are set by the login_init() view
if "auth_state" not in req.cookies or "auth_nonce" not in req.cookies or "auth_start_time" not in req.cookies:
- raise ValueError("user is currently not authentication or the authentication expired. try again")
+ logger.debug("user tried to log in but cookies indicate they are in a wrong state; redirecting to error view")
+ return "/auth/login-error?error=todo"
# ensure cookies are always cleared in the response
resp.set_cookie("auth_state", "", max_age=0)
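Review bot: The early-return branch that replaces the former `raise ValueError(...)` ships a placeholder error code, `return "/auth/login-error?error=todo"`, so the error view has no way to tell this state failure apart from the OIDC error redirect added later in the same function; a fixed identifier such as `return "/auth/login-error?error=invalid_auth_state"` would be clearer and stable for the front end. The message before it is logged at debug level, but a callback arriving without the `auth_state`/`auth_nonce`/`auth_start_time` cookies is exactly the kind of anomaly operators want to see, so `logger.warning(...)` seems the better level. login_callback's body continues in the next hunk.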
@@ -94,9 +97,12 @@ async def login_callback(req: Request, resp: Response, oidc_client: deps.OpenidC
deps.persist_auth_state(oidc_client, resp, auth_result, auth_start_time, req.cookies["auth_nonce"])
# redirect the user to the page they wanted to visit
- return {"authenticated": True}
+ # TODO: respect "auth_next" cookie to redirect the user to a specific url
+ logger.debug("successfully authenticated user")
+ return str(req.url_for("get-user-info"))
else:
- return {"authenticated": False, "error": auth_result}
+ logger.debu("could not authenticate user because of OIDC error; redirecting to error page with error messages intact")
+ return f"/auth/login-error?{req.query_params}"
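Review bot: `logger.debu(...)` on the OIDC-error branch is a typo for `logger.debug`, so that branch raises AttributeError and the user receives a 500 instead of the intended redirect to the error page; change it to `logger.debug(...)`. Since this branch is the one that records an upstream authentication failure, `logger.warning("could not authenticate user: %s", auth_result)` would keep the failure visible server-side rather than only forwarding it in the query string. The `# TODO: respect "auth_next" cookie` added above should, when implemented, validate that the cookie value is a same-origin relative path before using it as a redirect target, because it originates from the `next` query parameter saved in login_init. The enclosing function starts in the previous hunk.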