feat(templates): improve return-url implementation in Boilerplate #9854…

… (#9856)
bitfoundation · Feb 11, 2025 · 4fcf1a9 · 4fcf1a9
1 parent e2ede27
commit 4fcf1a9
Show file tree

Hide file tree

Showing 7 changed files with 10 additions and 10 deletions.
diff --git a/...Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Layout/IdentityHeader.razor b/...Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Layout/IdentityHeader.razor
@@ -4,10 +4,10 @@
     <BitStack Horizontal Gap="0.5rem" VerticalAlign="BitAlignment.Center">
         @if (isCrossLayoutPage is true)
         {
-            <BitButton Href="@($"{Urls.SignUpPage}?return-url={NavigationManager.GetRelativePath()}")">
+            <BitButton Href="@($"{Urls.SignUpPage}?return-url={Uri.EscapeDataString(NavigationManager.GetRelativePath())}")">
                 @Localizer[nameof(AppStrings.SignUp)]
             </BitButton>
-            <BitButton Href="@($"{Urls.SignInPage}?return-url={NavigationManager.GetRelativePath()}")" Variant="BitVariant.Text" Color="BitColor.Tertiary">
+            <BitButton Href="@($"{Urls.SignInPage}?return-url={Uri.EscapeDataString(NavigationManager.GetRelativePath())}")" Variant="BitVariant.Text" Color="BitColor.Tertiary">
                 @Localizer[nameof(AppStrings.SignIn)]
             </BitButton>
         }

diff --git a/...ate/src/Client/Boilerplate.Client.Core/Components/Pages/Identity/SignIn/SignInPanel.razor b/...ate/src/Client/Boilerplate.Client.Core/Components/Pages/Identity/SignIn/SignInPanel.razor
@@ -78,7 +78,7 @@
 
             <BitText Align="BitTextAlign.Center" Typography="BitTypography.Body2">
                 @Localizer[nameof(AppStrings.DontHaveAccountMessage)]
-                <BitLink Href="@($"{Urls.SignUpPage}?return-url={ReturnUrlQueryString}")">@Localizer[nameof(AppStrings.SignUp)]</BitLink>
+                <BitLink Href="@($"{Urls.SignUpPage}?return-url={Uri.EscapeDataString(ReturnUrlQueryString ?? "")}")">@Localizer[nameof(AppStrings.SignUp)]</BitLink>
             </BitText>
         </BitStack>
     </BitStack>

diff --git a/...late/src/Client/Boilerplate.Client.Core/Components/Pages/Identity/SignUp/SignUpPage.razor b/...late/src/Client/Boilerplate.Client.Core/Components/Pages/Identity/SignUp/SignUpPage.razor
@@ -76,9 +76,9 @@
             <br />
             <BitText Typography="BitTypography.Body2">
                 @Localizer[nameof(AppStrings.SignInMessageInSignUp)]
-                <BitLink Href="@($"{Urls.SignInPage}?return-url={ReturnUrlQueryString}")">@Localizer[nameof(AppStrings.SignIn)]</BitLink>
+                <BitLink Href="@($"{Urls.SignInPage}?return-url={Uri.EscapeDataString(ReturnUrlQueryString ?? "")}")">@Localizer[nameof(AppStrings.SignIn)]</BitLink>
                 @Localizer[nameof(AppStrings.Or)]
-                <BitLink Href="@($"{Urls.ConfirmPage}?email={Uri.EscapeDataString(signUpModel.Email??"")}&phoneNumber={Uri.EscapeDataString(signUpModel.PhoneNumber??"")}&return-url={ReturnUrlQueryString}")">
+                <BitLink Href="@($"{Urls.ConfirmPage}?email={Uri.EscapeDataString(signUpModel.Email??"")}&phoneNumber={Uri.EscapeDataString(signUpModel.PhoneNumber??"")}&return-url={Uri.EscapeDataString(ReturnUrlQueryString)}")">
                     @Localizer[nameof(AppStrings.Confirm)]
                 </BitLink>
             </BitText>

diff --git a/...oilerplate/src/Client/Boilerplate.Client.Core/Components/Pages/NotAuthorizedPage.razor.cs b/...oilerplate/src/Client/Boilerplate.Client.Core/Components/Pages/NotAuthorizedPage.razor.cs
@@ -44,7 +44,7 @@ private async Task SignOut()
     {
         await AuthManager.SignOut(CurrentCancellationToken);
         var returnUrl = ReturnUrl ?? NavigationManager.GetRelativePath();
-        NavigationManager.NavigateTo(Urls.SignInPage + (string.IsNullOrEmpty(returnUrl) ? string.Empty : $"?return-url={returnUrl}"));
+        NavigationManager.NavigateTo(Urls.SignInPage + (string.IsNullOrEmpty(returnUrl) ? string.Empty : $"?return-url={Uri.EscapeDataString(returnUrl)}"));
     }
 }
 
@@ -58,6 +58,6 @@ protected override async Task OnAfterFirstRenderAsync()
 
         await AuthManager.SignOut(CurrentCancellationToken);
         var returnUrl = ReturnUrl ?? NavigationManager.GetRelativePath();
-        NavigationManager.NavigateTo(Urls.SignInPage + (string.IsNullOrEmpty(returnUrl) ? string.Empty : $"?return-url={returnUrl}"));
+        NavigationManager.NavigateTo(Urls.SignInPage + (string.IsNullOrEmpty(returnUrl) ? string.Empty : $"?return-url={Uri.EscapeDataString(returnUrl)}"));
     }
 }
diff --git a/...erver/Boilerplate.Server.Api/Controllers/Identity/IdentityController.EmailConfirmation.cs b/...erver/Boilerplate.Server.Api/Controllers/Identity/IdentityController.EmailConfirmation.cs
@@ -78,7 +78,7 @@ private async Task SendConfirmEmailToken(User user, string? returnUrl, Cancellat
 
         var email = user.Email!;
         var token = await userManager.GenerateUserTokenAsync(user, TokenOptions.DefaultPhoneProvider, FormattableString.Invariant($"VerifyEmail:{email},{user.EmailTokenRequestedOn?.ToUniversalTime()}"));
-        var link = new Uri(HttpContext.Request.GetWebAppUrl(), $"{Urls.ConfirmPage}?email={Uri.EscapeDataString(email)}&emailToken={Uri.EscapeDataString(token)}&culture={CultureInfo.CurrentUICulture.Name}&return-url={returnUrl}");
+        var link = new Uri(HttpContext.Request.GetWebAppUrl(), $"{Urls.ConfirmPage}?email={Uri.EscapeDataString(email)}&emailToken={Uri.EscapeDataString(token)}&culture={CultureInfo.CurrentUICulture.Name}&return-url={Uri.EscapeDataString(returnUrl)}");
 
         await emailService.SendEmailToken(user, email, token, link, cancellationToken);
     }

diff --git a/....Boilerplate/src/Server/Boilerplate.Server.Api/Controllers/Identity/IdentityController.cs b/....Boilerplate/src/Server/Boilerplate.Server.Api/Controllers/Identity/IdentityController.cs
@@ -412,7 +412,7 @@ public async Task<ActionResult> SocialSignedIn()
 
         if (string.IsNullOrEmpty(returnUrl) is false)
         {
-            qs += $"&return-url={Uri.EscapeDataString(returnUrl)}";
+            qs += $"&return-url={Uri.EscapeDataString(Uri.EscapeDataString(returnUrl))}";
         }
 
         var url = $"{Urls.SignInPage}?otp={Uri.EscapeDataString(token)}&{qs}&culture={CultureInfo.CurrentUICulture.Name}";

diff --git a/...mplates/Boilerplate/Bit.Boilerplate/src/Tests/PageTests/PageModels/Identity/SignInPage.cs b/...mplates/Boilerplate/Bit.Boilerplate/src/Tests/PageTests/PageModels/Identity/SignInPage.cs
@@ -121,7 +121,7 @@ public override async Task AssertSignOut()
         if (ReturnUrl is null)
             await Assertions.Expect(Page).ToHaveURLAsync(new Uri(WebAppServerAddress, Urls.SignInPage).ToString());
         else
-            await Assertions.Expect(Page).ToHaveURLAsync(new Uri(WebAppServerAddress, $"{Urls.SignInPage}?return-url={ReturnUrl}").ToString());
+            await Assertions.Expect(Page).ToHaveURLAsync(new Uri(WebAppServerAddress, $"{Urls.SignInPage}?return-url={Uri.EscapeDataString(ReturnUrl)}").ToString());
     }
 
     private void AssertReturnUrl()