-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Redirect sections that don't have the enableLoggedOut flag to login page #30537
Conversation
I tested the Google My Business section as well as login, and everything seems to work fine. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very impressive! I tested the me/purchases
route and it works correctly.
reader routes all checked out |
Seeing the same oddities on the logged-in theme routes that I reported on #30543 |
4ac1eb4
to
ae685f7
Compare
The Themes fixes were merged separately in #30543 and now this branch contains only all the other sections that use the framework-level logged-out handler. I'll keep this open for another 24 hours before merging, so that the mentioned folks have a chance to test their sections. |
Routes in sections that don't have the `enableLoggedOut` flag set to `true` should always redirect to login page when requested in a logged-out session. This patch removes the check-and-redirect code (which is broken anyway) from the `loggedOutMiddleware` function and moves it to the section loader handler. Which, until now, only loaded the section's webpack chunk. Now it also guards for unwanted (logged-out) visitors.
Instead of per-route checks, remove the `enableLoggedOut` flag from the section and let the framework (section loader) do the login redirect.
Instead of per-route checks, remove the `enableLoggedOut` flag from the section and let the framework (section loader) do the login redirect. Effectively reverts #27261 in favor of doing it The Right Way.
Instead of per-route checks, remove the `enableLoggedOut` flag from the section and let the framework (section loader) do the login redirect. Effectively reverts #25000 and replaces it with a better implementation.
Instead of per-route checks, remove the `enableLoggedOut` flag from the section and let the framework (section loader) do the login redirect.
Instead of per-route checks, remove the `enableLoggedOut` flag from the section and let the framework (section loader) do the login redirect. Effectively reverts #25741 and replaces it with a better implementation.
Redirect to login page is handled in framework if the flag is false.
ae685f7
to
cb3e63e
Compare
Full e2e suite finished with one failure: when signing up for account only with no site through I verified manually that the failed flow works on calypso.live -- I got the expected results. |
The section references the same module (`client/reader`) as the main `reader` section, and doesn't do anything useful. It was added in #25741 to support logged-out redirects, but these redirects were then implemented later at a framework level in #30537 and the Reader-specific redirect code was removed. After that, the section became an empty shell. Also moves the `/recommendations` redirect handler to `reader/search`, potentially removing the need to load any other section than `reader/search` when handling the route.
The section references the same module (`client/reader`) as the main `reader` section, and doesn't do anything useful. It was added in #25741 to support logged-out redirects, but these redirects were then implemented later at a framework level in #30537 and the Reader-specific redirect code was removed. After that, the section became an empty shell. Also moves the `/recommendations` redirect handler to `reader/search`, potentially removing the need to load any other section than `reader/search` when handling the route.
Provides the long-awaited framework-level fix for #23785. All sections that don't have the
enableLoggedOut
flag redirect to login page when a request hits them in a logged-out session.The only two sections that still need to a custom per-route redirect are:
/themes
: there is a mixture of logged-out and logged-in (with/:site
suffix) routes there/help
: redirects not only to login page, but to en.support.wordpress.com URLs for some routesRemoves per-route redirects in many sections, in favor of the framework-ish solution:
/me/purchases
: reverts Purchases: add logged-out redirect to all paths #24435 by @sirbrillig/me/security
: reverts Me: add logged-out redirect for me/security/* #27261 by @bluefuton/checkout
: reverts Enable the /checkout/:domain/:product route for logged-out users #22993 by @seear and Checkout: redirect logged-out users to login page #24687 by @taggon/domain-connect
: reverts Make Domain Connect authorize page work for logged out users. #25000 by @delputnam (and @klimeryk)/google-my-business
: reverts Google My Business: Redirect logged out users to login page #23548 by @stephanethomas/reader
: reverts Reader: redirect common paths when logged out #25741 by @bluefuton/stats
: reverts/fixes Guided Tour: Redirect to Login page if logged out #25498 by @mattwiebeThe
/themes
route gets its own very special solution (cc @ockham) that I'm likely to land in a separate PR. But it's still one of commits here.How to test:
Verify that logged-out accesses to the sections mentioned above (especially when you're mentioned for that section) correcly redirect to login. Verify that routes that are supposed to work in logged-out mode (themes, help, all kinds of logins and signups) continue to work 💯