fix(next): infinite loop when logging into root admin (#7412)

Author: jacobsfletch

packages/next/src/utilities/initPage/handleAdminPage.ts

@@ -7,7 +7,7 @@ import type {
 
 import { notFound } from 'next/navigation.js'
 
-import { isAdminAuthRoute, isAdminRoute } from './shared.js'
+import { getRouteWithoutAdmin, isAdminAuthRoute, isAdminRoute } from './shared.js'
 
 export const handleAdminPage = ({
   adminRoute,
@@ -20,9 +20,9 @@ export const handleAdminPage = ({
   permissions: Permissions
   route: string
 }) => {
-  if (isAdminRoute(route, adminRoute)) {
-    const baseAdminRoute = adminRoute && adminRoute !== '/' ? route.replace(adminRoute, '') : route
-    const routeSegments = baseAdminRoute.split('/').filter(Boolean)
+  if (isAdminRoute({ adminRoute, config, route })) {
+    const routeWithoutAdmin = getRouteWithoutAdmin({ adminRoute, route })
+    const routeSegments = routeWithoutAdmin.split('/').filter(Boolean)
     const [entityType, entitySlug, createOrID] = routeSegments
     const collectionSlug = entityType === 'collections' ? entitySlug : undefined
     const globalSlug = entityType === 'globals' ? entitySlug : undefined
@@ -47,7 +47,7 @@ export const handleAdminPage = ({
       }
     }
 
-    if (!permissions.canAccessAdmin && !isAdminAuthRoute(config, route, adminRoute)) {
+    if (!permissions.canAccessAdmin && !isAdminAuthRoute({ adminRoute, config, route })) {
       notFound()
     }
 

packages/next/src/utilities/initPage/handleAuthRedirect.ts

@@ -22,7 +22,7 @@ export const handleAuthRedirect = ({
     routes: { admin: adminRoute },
   } = config
 
-  if (!isAdminAuthRoute(config, route, adminRoute)) {
+  if (!isAdminAuthRoute({ adminRoute, config, route })) {
     if (searchParams && 'redirect' in searchParams) delete searchParams.redirect
 
     const redirectRoute = encodeURIComponent(
@@ -36,7 +36,7 @@ export const handleAuthRedirect = ({
     const customLoginRoute =
       typeof redirectUnauthenticatedUser === 'string' ? redirectUnauthenticatedUser : undefined
 
-    const loginRoute = isAdminRoute(route, adminRoute)
+    const loginRoute = isAdminRoute({ adminRoute, config, route })
       ? adminLoginRoute
       : customLoginRoute || loginRouteFromConfig
 

packages/next/src/utilities/initPage/shared.ts

@@ -11,16 +11,42 @@ const authRouteKeys: (keyof SanitizedConfig['admin']['routes'])[] = [
   'reset',
 ]
 
-export const isAdminRoute = (route: string, adminRoute: string) => {
-  return route.startsWith(adminRoute)
+export const isAdminRoute = ({
+  adminRoute,
+  config,
+  route,
+}: {
+  adminRoute: string
+  config: SanitizedConfig
+  route: string
+}): boolean => {
+  return route.startsWith(adminRoute) && !isAdminAuthRoute({ adminRoute, config, route })
 }
 
-export const isAdminAuthRoute = (config: SanitizedConfig, route: string, adminRoute: string) => {
+export const isAdminAuthRoute = ({
+  adminRoute,
+  config,
+  route,
+}: {
+  adminRoute: string
+  config: SanitizedConfig
+  route: string
+}): boolean => {
   const authRoutes = config.admin?.routes
     ? Object.entries(config.admin.routes)
         .filter(([key]) => authRouteKeys.includes(key as keyof SanitizedConfig['admin']['routes']))
         .map(([_, value]) => value)
     : []
 
-  return authRoutes.some((r) => route.replace(adminRoute, '').startsWith(r))
+  return authRoutes.some((r) => getRouteWithoutAdmin({ adminRoute, route }).startsWith(r))
+}
+
+export const getRouteWithoutAdmin = ({
+  adminRoute,
+  route,
+}: {
+  adminRoute: string
+  route: string
+}): string => {
+  return adminRoute && adminRoute !== '/' ? route.replace(adminRoute, '') : route
 }

test/access-control/e2e.spec.ts

@@ -18,7 +18,7 @@ import {
   closeNav,
   ensureCompilationIsDone,
   exactText,
-  getAdminRoutes,
+  getRoutes,
   initPageConsoleErrorCatch,
   login,
   openDocControls,
@@ -99,7 +99,7 @@ describe('access control', () => {
         routes: { logout: logoutRoute },
       },
       routes: { admin: adminRoute },
-    } = getAdminRoutes({})
+    } = getRoutes({})
 
     logoutURL = `${serverURL}${adminRoute}${logoutRoute}`
   })

test/admin-root/app/favicon.ico

@@ -12,6 +12,13 @@ const dirname = path.dirname(filename)
 
 export default buildConfigWithDefaults({
   collections: [PostsCollection],
+  admin: {
+    autoLogin: {
+      email: devUser.email,
+      password: devUser.password,
+      prefillOnly: true,
+    },
+  },
   cors: ['http://localhost:3000', 'http://localhost:3001'],
   globals: [MenuGlobal],
   routes: {

test/admin-root/config.ts

@@ -5,7 +5,7 @@ import * as path from 'path'
 import { adminRoute } from 'shared.js'
 import { fileURLToPath } from 'url'
 
-import { ensureCompilationIsDone, initPageConsoleErrorCatch } from '../helpers.js'
+import { ensureCompilationIsDone, initPageConsoleErrorCatch, login } from '../helpers.js'
 import { AdminUrlUtil } from '../helpers/adminUrlUtil.js'
 import { initPayloadE2ENoConfig } from '../helpers/initPayloadE2ENoConfig.js'
 import { TEST_TIMEOUT_LONG } from '../playwright.config.js'
@@ -29,6 +29,8 @@ test.describe('Admin Panel (Root)', () => {
     page = await context.newPage()
     initPageConsoleErrorCatch(page)
 
+    await login({ page, serverURL, customRoutes: { admin: adminRoute } })
+
     await ensureCompilationIsDone({
       customRoutes: {
         admin: adminRoute,

test/admin-root/e2e.spec.ts

@@ -10,7 +10,7 @@ import {
   checkPageTitle,
   ensureCompilationIsDone,
   exactText,
-  getAdminRoutes,
+  getRoutes,
   initPageConsoleErrorCatch,
   openDocControls,
   openNav,
@@ -76,7 +76,7 @@ describe('admin1', () => {
   let customFieldsURL: AdminUrlUtil
   let disableDuplicateURL: AdminUrlUtil
   let serverURL: string
-  let adminRoutes: ReturnType<typeof getAdminRoutes>
+  let adminRoutes: ReturnType<typeof getRoutes>
   let loginURL: string
 
   beforeAll(async ({ browser }, testInfo) => {
@@ -106,7 +106,7 @@ describe('admin1', () => {
 
     await ensureCompilationIsDone({ customAdminRoutes, page, serverURL })
 
-    adminRoutes = getAdminRoutes({ customAdminRoutes })
+    adminRoutes = getRoutes({ customAdminRoutes })
 
     loginURL = `${serverURL}${adminRoutes.routes.admin}${adminRoutes.admin.routes.login}`
   })

test/admin/e2e/1/e2e.spec.ts

@@ -10,7 +10,7 @@ import type { Config, Geo, Post } from '../../payload-types.js'
 import {
   ensureCompilationIsDone,
   exactText,
-  getAdminRoutes,
+  getRoutes,
   initPageConsoleErrorCatch,
   openDocDrawer,
   openNav,
@@ -44,7 +44,7 @@ describe('admin2', () => {
   let postsUrl: AdminUrlUtil
 
   let serverURL: string
-  let adminRoutes: ReturnType<typeof getAdminRoutes>
+  let adminRoutes: ReturnType<typeof getRoutes>
 
   beforeAll(async ({ browser }, testInfo) => {
     const prebuild = Boolean(process.env.CI)
@@ -69,7 +69,7 @@ describe('admin2', () => {
 
     await ensureCompilationIsDone({ customAdminRoutes, page, serverURL })
 
-    adminRoutes = getAdminRoutes({ customAdminRoutes })
+    adminRoutes = getRoutes({ customAdminRoutes })
   })
   beforeEach(async () => {
     await reInitializeDB({

test/admin/e2e/2/e2e.spec.ts

@@ -13,7 +13,7 @@ import type { Config } from './payload-types.js'
 
 import {
   ensureCompilationIsDone,
-  getAdminRoutes,
+  getRoutes,
   initPageConsoleErrorCatch,
   saveDocAndAssert,
 } from '../helpers.js'
@@ -49,7 +49,7 @@ const createFirstUser = async ({
       routes: { createFirstUser: createFirstUserRoute },
     },
     routes: { admin: adminRoute },
-  } = getAdminRoutes({
+  } = getRoutes({
     customAdminRoutes,
     customRoutes,
   })