fix: respect return to when switching between flows (#243)

Author: Benehiko

src/routes/login.ts

@@ -66,9 +66,9 @@ export const createLoginRoute: RouteCreator =
       .getLoginFlow({ id: flow, cookie: req.header("cookie") })
       .then(({ data: flow }) => {
         // Render the data using a view (e.g. Jade Template):
-
         const initRegistrationQuery = new URLSearchParams({
-          return_to: return_to.toString(),
+          return_to:
+            (return_to && return_to.toString()) || flow.return_to || "",
         })
         if (flow.oauth2_login_request?.challenge) {
           initRegistrationQuery.set(

src/routes/recovery.ts

@@ -24,12 +24,6 @@ export const createRecoveryRoute: RouteCreator =
       new URLSearchParams({ return_to: return_to.toString() }),
     )
 
-    const initLoginUrl = getUrlForFlow(
-      kratosBrowserUrl,
-      "login",
-      new URLSearchParams({ return_to: return_to.toString() }),
-    )
-
     // The flow is used to identify the settings and registration flow and
     // return data like the csrf_token and so on.
     if (!isQuerySet(flow)) {
@@ -43,6 +37,15 @@ export const createRecoveryRoute: RouteCreator =
     return frontend
       .getRecoveryFlow({ id: flow, cookie: req.header("cookie") })
       .then(({ data: flow }) => {
+        const initLoginUrl = getUrlForFlow(
+          kratosBrowserUrl,
+          "login",
+          new URLSearchParams({
+            return_to:
+              (return_to && return_to.toString()) || flow.return_to || "",
+          }),
+        )
+
         res.render("recovery", {
           card: UserAuthCard({
             title: "Recover your account",

src/routes/registration.ts

@@ -22,11 +22,15 @@ export const createRegistrationRoute: RouteCreator =
   (createHelpers) => (req, res, next) => {
     res.locals.projectName = "Create account"
 
-    const { flow, return_to = "", login_challenge } = req.query
+    const { flow, return_to, after_verification_return_to, login_challenge } =
+      req.query
     const { frontend, kratosBrowserUrl, logoUrl } = createHelpers(req, res)
 
     const initFlowQuery = new URLSearchParams({
-      return_to: return_to.toString(),
+      ...(return_to && { return_to: return_to.toString() }),
+      ...(after_verification_return_to && {
+        after_verification_return_to: after_verification_return_to.toString(),
+      }),
     })
 
     if (isQuerySet(login_challenge)) {
@@ -59,7 +63,8 @@ export const createRegistrationRoute: RouteCreator =
       .then(({ data: flow }) => {
         // Render the data using a view (e.g. Jade Template):
         const initLoginQuery = new URLSearchParams({
-          return_to: return_to.toString(),
+          return_to:
+            (return_to && return_to.toString()) || flow.return_to || "",
         })
         if (flow.oauth2_login_request?.challenge) {
           initLoginQuery.set(

src/routes/verification.ts

@@ -24,14 +24,6 @@ export const createVerificationRoute: RouteCreator =
       new URLSearchParams({ return_to: return_to.toString() }),
     )
 
-    const initRegistrationUrl = getUrlForFlow(
-      kratosBrowserUrl,
-      "registration",
-      new URLSearchParams({
-        return_to: return_to.toString(),
-      }),
-    )
-
     // The flow is used to identify the settings and registration flow and
     // return data like the csrf_token and so on.
     if (!isQuerySet(flow)) {
@@ -46,6 +38,14 @@ export const createVerificationRoute: RouteCreator =
       frontend
         .getVerificationFlow({ id: flow, cookie: req.header("cookie") })
         .then(({ data: flow }) => {
+          const initRegistrationUrl = getUrlForFlow(
+            kratosBrowserUrl,
+            "registration",
+            new URLSearchParams({
+              return_to:
+                (return_to && return_to.toString()) || flow.return_to || "",
+            }),
+          )
           // Render the data using a view (e.g. Jade Template):
           res.render("verification", {
             card: UserAuthCard({