fix: auth redirection issues in the web, space and admin apps (#4414)

* fix: login redirection

* dev: log the user out when deactivating the account

* dev: update redirect uris for google and github

* fix: redirection url and invitation api and add redirection to god mode in nginx

* dev: add reset password redirection

* dev: update nginx headers

* dev: fix setup sh and env example and put validation for use minio when fetching project covers

* dev: stabilize dev setup

* fix: handled redirection error in web, space, and admin apps

* fix: resovled build errors

---------

Co-authored-by: pablohashescobar <nikhilschacko@gmail.com>

apiserver/plane/authentication/adapter/exception.py

@@ -7,12 +7,6 @@ def auth_exception_handler(exc, context):
     response = exception_handler(exc, context)
     # Check if an AuthenticationFailed exception is raised.
     if isinstance(exc, NotAuthenticated):
-        # Return 403 if the users me api fails
-        request = context["request"]
-        if request.path == "/api/users/me/":
-            response.status_code = 403
-        # else return 401
-        else:
-            response.status_code = 401
+        response.status_code = 401
 
     return response

apiserver/plane/authentication/provider/oauth/github.py

@@ -46,9 +46,7 @@ class GitHubOAuthProvider(OauthAdapter):
         client_id = GITHUB_CLIENT_ID
         client_secret = GITHUB_CLIENT_SECRET
 
-        redirect_uri = (
-            f"{request.scheme}://{request.get_host()}/auth/github/callback/"
-        )
+        redirect_uri = f"""{"https" if request.is_secure() else "http"}://{request.get_host()}/auth/github/callback/"""
         url_params = {
             "client_id": client_id,
             "redirect_uri": redirect_uri,

apiserver/plane/authentication/provider/oauth/google.py

@@ -43,9 +43,7 @@ class GoogleOAuthProvider(OauthAdapter):
         client_id = GOOGLE_CLIENT_ID
         client_secret = GOOGLE_CLIENT_SECRET
 
-        redirect_uri = (
-            f"{request.scheme}://{request.get_host()}/auth/google/callback/"
-        )
+        redirect_uri = f"""{"https" if request.is_secure() else "http"}://{request.get_host()}/auth/google/callback/"""
         url_params = {
             "client_id": client_id,
             "scope": self.scope,

apiserver/plane/authentication/utils/host.py

@@ -6,7 +6,7 @@ def base_host(request):
     return (
         request.META.get("HTTP_ORIGIN")
         or f"{urlsplit(request.META.get('HTTP_REFERER')).scheme}://{urlsplit(request.META.get('HTTP_REFERER')).netloc}"
-        or f"{request.scheme}://{request.get_host()}"
+        or f"""{"https" if request.is_secure() else "http"}://{request.get_host()}"""
     )
 
 

apiserver/plane/authentication/utils/redirection_path.py

@@ -10,10 +10,13 @@ def get_redirection_path(user):
         return "onboarding"
 
     # Redirect to the last workspace if the user has last workspace
-    if profile.last_workspace_id and Workspace.objects.filter(
-        pk=profile.last_workspace_id,
-        workspace_member__member_id=user.id,
-        workspace_member__is_active=True,
+    if (
+        profile.last_workspace_id
+        and Workspace.objects.filter(
+            pk=profile.last_workspace_id,
+            workspace_member__member_id=user.id,
+            workspace_member__is_active=True,
+        ).exists()
     ):
         workspace = Workspace.objects.filter(
             pk=profile.last_workspace_id,

apiserver/plane/authentication/views/common.py

@@ -206,7 +206,7 @@ class ResetPasswordEndpoint(View):
 
             url = urljoin(
                 base_host(request=request),
-                "accounts/sign-in?" + urlencode({"success", True}),
+                "accounts/sign-in?" + urlencode({"success": True}),
             )
             return HttpResponseRedirect(url)
         except DjangoUnicodeDecodeError: