From a4984ca800bc79d2ace2cf2588f60fbf2aa622b5 Mon Sep 17 00:00:00 2001
From: Nikhil <nikhil@open.gov.sg>
Date: Wed, 22 Apr 2020 21:45:43 +0800
Subject: [PATCH] change login url to a better name; redirect user and store
 their current url

---
 README.md                 | 4 ++--
 app/ui/header.js          | 4 +++-
 server/clientConstants.js | 2 +-
 server/config.js          | 6 +++---
 server/middleware/auth.js | 9 +++++++--
 server/state.js           | 2 +-
 6 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index 220c0fe5a..bcaf541d1 100644
--- a/README.md
+++ b/README.md
@@ -5,19 +5,19 @@ To run locally, run `npm run start-dev`. Make sure you have the following enviro
 
 AWS_ACCESS_KEY_ID
 AWS_SECRET_ACCESS_KEY
-LOGIN_URL
+VAULT_FRONTEND_URL
 LOGGING_URL
 JWT_SECRET
 
 Things to ensure:
 - That the JWT secret is the same as the one used in the original backend
-- The login url doesn't have to be the precise URL, it can just be vault.gov.sg, which will then trigger another redirect
 - logging_url is to note down all the actions done by the user
 
 To deploy, run `npm run build` and manually deploy the zip file to the appropriate env
 
 
 Original readme follows:
+
 # [![Firefox Send](./assets/icon.svg)](https://send.firefox.com/) Firefox Send
 
 [![CircleCI](https://img.shields.io/circleci/project/github/mozilla/send.svg)](https://circleci.com/gh/mozilla/send)
diff --git a/app/ui/header.js b/app/ui/header.js
index bcf4711d0..fbd9781c3 100644
--- a/app/ui/header.js
+++ b/app/ui/header.js
@@ -27,7 +27,9 @@ class Header extends Component {
         : html`
             <a
               class="flex flex-row items-center"
-              href="${this.state.loginUrl || DEFAULTS.LOGIN_URL || '/'}"
+              href="${this.state.vaultFrontendUrl ||
+                window.DEFAULTS.VAULT_FRONTEND_URL ||
+                '/'}"
             >
               <img
                 alt="${this.state.translate('title')}"
diff --git a/server/clientConstants.js b/server/clientConstants.js
index 57a295909..39b04504e 100644
--- a/server/clientConstants.js
+++ b/server/clientConstants.js
@@ -17,6 +17,6 @@ module.exports = {
     DOWNLOAD_COUNTS: config.download_counts,
     EXPIRE_TIMES_SECONDS: config.expire_times_seconds,
     EXPIRE_SECONDS: config.default_expire_seconds,
-    LOGIN_URL: config.login_url
+    VAULT_FRONTEND_URL: config.vault_frontend_url
   }
 };
diff --git a/server/config.js b/server/config.js
index 889a6d550..f8e0954c4 100644
--- a/server/config.js
+++ b/server/config.js
@@ -4,10 +4,10 @@ const path = require('path');
 const { randomBytes } = require('crypto');
 
 const conf = convict({
-  login_url: {
+  vault_frontend_url: {
     format: String,
-    default: 'http://localhost:8082',
-    env: 'LOGIN_URL'
+    default: 'http://localhost:1443',
+    env: 'VAULT_FRONTEND_URL'
   },
   s3_bucket: {
     format: String,
diff --git a/server/middleware/auth.js b/server/middleware/auth.js
index 6b11abce9..44283c6fd 100644
--- a/server/middleware/auth.js
+++ b/server/middleware/auth.js
@@ -75,17 +75,22 @@ module.exports = {
     return next();
   },
   vault: async function(req, res, next) {
+    const redirect_uri = `${
+      config.vault_frontend_url
+    }/login?redirect_uri=${encodeURIComponent(
+      req.protocol + '://' + req.get('host') + req.originalUrl
+    )}`;
     const token = req.cookies.authtoken;
     if (!token) {
       console.log('cookie has no authtoken');
-      return res.redirect(config.login_url);
+      return res.redirect(redirect_uri);
     }
     try {
       jwt.verify(token, config.jwt_secret, { algorithms: ['HS256'] });
       return next();
     } catch (err) {
       console.log('Failed jwt verification:', token);
-      return res.redirect(config.login_url);
+      return res.redirect(redirect_uri);
     }
   }
 };
diff --git a/server/state.js b/server/state.js
index 71c252b95..b7c4e125e 100644
--- a/server/state.js
+++ b/server/state.js
@@ -34,7 +34,7 @@ module.exports = async function(req) {
     description:
       'Encrypt and send files with a link that automatically expires to ensure your important documents don’t stay on our servers forever.',
     baseUrl: config.base_url,
-    loginUrl: config.login_url,
+    vaultFrontendUrl: config.vault_frontend_url,
     ui: {},
     storage: {
       files: []