From 08d86cbd24c1efad64e83b0cae739f99e3050084 Mon Sep 17 00:00:00 2001
From: Ben McCallum <ben.mccallum@live.com.au>
Date: Wed, 11 Apr 2018 06:57:03 +0200
Subject: [PATCH] fix: don't redirect callback to login when using 'auth'
 globally (#131)

Also, if dev has disabled redirect (all or callback/login), supported according to the options documentation, don't let that affect the middleware here.
---
 lib/core/middleware.js | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/lib/core/middleware.js b/lib/core/middleware.js
index e3c1cd80d..8b5306abd 100644
--- a/lib/core/middleware.js
+++ b/lib/core/middleware.js
@@ -14,17 +14,21 @@ Middleware.auth = function (ctx) {
     return
   }
 
-  const { login } = ctx.app.$auth.options.redirect
+  const { login, callback } = ctx.app.$auth.options.redirect
 
   if (ctx.app.$auth.$state.loggedIn) {
     // -- Authorized --
-    // Redirect to home page if inside login page
-    if (login && ctx.route.path === login.split('?')[0]) {
+    // Redirect to home page if inside login page (or login page disabled)
+    if (!login || ctx.route.path === login.split('?')[0]) {
       ctx.app.$auth.redirect('home')
     }
   } else {
     // -- Guest --
-    // Redirect to login path if not authorized
-    ctx.app.$auth.redirect('login')
+    // Redirect to login page if not authorized and not inside callback page
+    // (Those passing `callback` at runtime need to mark their callback component
+    // with `auth: false` to avoid an unnecessary redirect from callback to login)
+    if (!callback || ctx.route.path !== callback.split('?')[0]) {
+      ctx.app.$auth.redirect('login')
+    }
   }
 }