From a31e7370247585f11cbfddcb956fdad30ea9635e Mon Sep 17 00:00:00 2001
From: Andrew Dryga <andrew@dryga.com>
Date: Wed, 1 Nov 2023 11:20:20 -0600
Subject: [PATCH] Redirect to client platform callback url when user is already
 signed in (#2545)

This will fix the issue with shows a dashboard when you sign in and
browser cookie is still fresh
---
 elixir/apps/web/lib/web/auth.ex        |  8 +++++++-
 elixir/apps/web/test/web/auth_test.exs | 16 +++++++++++++++-
 2 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/elixir/apps/web/lib/web/auth.ex b/elixir/apps/web/lib/web/auth.ex
index 868c0d9e9..716db2895 100644
--- a/elixir/apps/web/lib/web/auth.ex
+++ b/elixir/apps/web/lib/web/auth.ex
@@ -247,8 +247,14 @@ defmodule Web.Auth do
   """
   def redirect_if_user_is_authenticated(%Plug.Conn{} = conn, _opts) do
     if conn.assigns[:subject] do
+      client_platform =
+        Plug.Conn.get_session(conn, :client_platform) || conn.query_params["client_platform"]
+
+      client_csrf_token =
+        Plug.Conn.get_session(conn, :client_csrf_token) || conn.query_params["client_csrf_token"]
+
       conn
-      |> Phoenix.Controller.redirect(to: signed_in_path(conn.assigns.subject))
+      |> signed_in_redirect(conn.assigns[:subject], client_platform, client_csrf_token)
       |> Plug.Conn.halt()
     else
       conn
diff --git a/elixir/apps/web/test/web/auth_test.exs b/elixir/apps/web/test/web/auth_test.exs
index a348a6450..e42b32d18 100644
--- a/elixir/apps/web/test/web/auth_test.exs
+++ b/elixir/apps/web/test/web/auth_test.exs
@@ -197,16 +197,30 @@ defmodule Web.AuthTest do
   end
 
   describe "redirect_if_user_is_authenticated/2" do
-    test "redirects if user is authenticated", %{conn: conn, admin_subject: subject} do
+    test "redirects if user is authenticated to the signed in path", %{
+      conn: conn,
+      admin_subject: subject
+    } do
       conn =
         conn
         |> assign(:subject, subject)
+        |> fetch_query_params()
         |> redirect_if_user_is_authenticated([])
 
       assert conn.halted
       assert redirected_to(conn) == signed_in_path(subject)
     end
 
+    test "redirects clients to platform specific urls", %{conn: conn, admin_subject: subject} do
+      conn =
+        %{conn | query_params: %{"client_platform" => "apple"}}
+        |> assign(:subject, subject)
+        |> redirect_if_user_is_authenticated([])
+
+      assert conn.halted
+      assert redirected_to(conn) =~ "firezone://handle_client_auth_callback"
+    end
+
     test "does not redirect if user is not authenticated", %{conn: conn} do
       conn = redirect_if_user_is_authenticated(conn, [])
       refute conn.halted