diff options
| author | Dave Arter <davea@mysociety.org> | 2019-08-12 17:07:56 +0100 |
|---|---|---|
| committer | Dave Arter <davea@mysociety.org> | 2019-08-16 14:25:12 +0100 |
| commit | e44eafed9e87bbc61d8ecba8f9c0a1430a6ffacf (patch) | |
| tree | c52912a1d5a340ba3af3ad948b34e7b977509bff | |
| parent | ec35bcf89ffcfbf0ee64b53b2f4f4e02f24bc167 (diff) | |
Preserve partial report if resetting password during OIDC login
| -rw-r--r-- | perllib/FixMyStreet/App/Controller/Auth/Social.pm | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Auth/Social.pm b/perllib/FixMyStreet/App/Controller/Auth/Social.pm index 56bae96d2..aa3177163 100644 --- a/perllib/FixMyStreet/App/Controller/Auth/Social.pm +++ b/perllib/FixMyStreet/App/Controller/Auth/Social.pm @@ -239,7 +239,16 @@ sub oidc_callback: Path('/auth/OIDC') : Args(0) { # After a password reset on the OIDC endpoint the user isn't properly logged # in, so redirect them to the usual OIDC login process. - $c->detach('oidc_sign_in', []) if $c->get_param('state') eq 'password_reset'; + if ( $c->get_param('state') eq 'password_reset' ) { + # The user may have reset their password as part of the sign-in-during-report + # process, so preserve their report and redirect them to the right place + # if that happened. + if ( $c->session->{oauth} ) { + $c->stash->{detach_to} = $c->session->{oauth}{detach_to}; + $c->stash->{detach_args} = $c->session->{oauth}{detach_args}; + } + $c->detach('oidc_sign_in', []); + } # The only other valid state param is 'login' at this point. $c->detach('/page_error_400_bad_request', []) unless $c->get_param('state') eq 'login'; |