Skip to content

fix: improve authentication flow and session handling #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 20, 2025
Merged

fix: improve authentication flow and session handling #45

merged 3 commits into from
Aug 20, 2025

Conversation

@hrntknr
Copy link
Member

@hrntknr hrntknr commented Aug 20, 2025

Summary

Improves the authentication flow and session handling in the auth router by adding proper authorization checks, fixing redirect URL management, and refactoring template rendering for better maintainability.

Type of Change

  • fix: A bug fix

Related Issues

Changes Made

  • Added authorization check after user authentication to ensure authenticated users are also authorized
  • Fixed redirect URL handling by properly deleting redirect URL from session after use
  • Refactored template rendering into dedicated methods (renderLogin and renderUnauthorized) for better code organization
  • Improved logout behavior to redirect users to login page instead of showing plain text
  • Enhanced session management by deleting specific keys instead of clearing all session data
  • Renamed template field to loginTemplate for clarity

Testing

  • Manual testing of login flow
  • Manual testing of logout flow
  • Manual testing of authorization checks
  • Manual testing of redirect URL handling

@hrntknr
fix: improve authentication flow and session handling
3882d5b 
- Add authorization check after user authentication
- Fix redirect URL handling in session management
- Refactor template rendering into dedicated methods
- Improve logout behavior to redirect to login page
- Clean up session management by deleting specific keys instead of clearing all
Copilot AI review requested due to automatic review settings August 20, 2025 13:20

This comment was marked as outdated.

Sign in to view

hrntknr and others added 2 commits August 20, 2025 22:22
@hrntknr
Update pkg/auth/auth.go
3b45904 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@hrntknr
refactor: improve test organization and fix authorization flow handling
44ebb69
@codecov
Copy link

codecov bot commented Aug 20, 2025

Codecov Report

❌ Patch coverage is 33.89831% with 39 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
pkg/auth/auth.go 33.89% 35 Missing and 4 partials ⚠️

📢 Thoughts on this report? Let us know!

@hrntknr hrntknr requested a review from Copilot August 20, 2025 13:41
Copilot AI reviewed Aug 20, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR improves the authentication flow and session handling by adding proper authorization checks after authentication, fixing redirect URL management, and refactoring template rendering methods for better code organization.

  • Added authorization verification in the OAuth callback handler to ensure authenticated users are also authorized
  • Fixed session management by properly deleting specific session keys and handling redirect URLs correctly
  • Refactored template rendering into dedicated methods for better maintainability

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
pkg/auth/auth.go Added authorization checks, improved session handling, refactored template rendering methods, and enhanced logout behavior
pkg/auth/auth_test.go Updated test expectations to reflect authorization flow changes and moved mock setup for better organization

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

pkg/auth/auth.go
c.Redirect(http.StatusFound, "/")
} else {
c.Redirect(http.StatusFound, redirectURL.(string))
}
Copy link

Copilot AI Aug 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The redirect URL is deleted from the session before checking if it's nil, but the check happens after the session is saved. This could cause issues if the session save fails. Consider moving the session.Save() call after the redirect logic.

Copilot uses AI. Check for mistakes.
pkg/auth/auth.go
c.Redirect(http.StatusFound, "/")
return
} else {
c.Redirect(http.StatusFound, redirectURL.(string))
Copy link

Copilot AI Aug 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same issue as in the OAuth callback: the redirect URL is deleted and session saved before the redirect logic. If session.Save() fails, the redirect URL would be lost but the redirect might not happen correctly.

Copilot uses AI. Check for mistakes.
@hrntknr hrntknr merged commit cd28916 into main Aug 20, 2025
7 checks passed
@sigbit-release-bot sigbit-release-bot bot mentioned this pull request Aug 20, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@hrntknr