Redirect users to login if a page is not public #2138

New Issue

OVERLORD · 2026-02-05T03:04:35+03:00

OVERLORD commented

2026-02-05 03:04:35 +03:00

Originally created by @dorianim on GitHub (Mar 2, 2021).

Describe the feature you'd like
Redirect users to login if they are trying to access a page that is not available publicly. Currently, it looks like the page does not exist in that case.

Describe the benefits this feature would bring to BookStack users
For inexperienced users, it would be much more intuitive to be redirected to the login form immediately when they are trying to access a page that does exist but is not open for the public.

Additional context
We want to use BookStack for internal documentation and many of our users are confused when they get the error that the page does not exist.

Would be nice to have a solution for this :)

Originally created by @dorianim on GitHub (Mar 2, 2021). **Describe the feature you'd like** Redirect users to login if they are trying to access a page that is not available publicly. Currently, it looks like the page does not exist in that case. **Describe the benefits this feature would bring to BookStack users** For inexperienced users, it would be much more intuitive to be redirected to the login form immediately when they are trying to access a page that does exist but is not open for the public. **Additional context** We want to use BookStack for internal documentation and many of our users are confused when they get the error that the page does not exist. Would be nice to have a solution for this :)

OVERLORD closed this issue

2026-02-05 03:04:42 +03:00

OVERLORD commented

2026-02-05 03:04:46 +03:00

@ssddanbrown commented on GitHub (Mar 2, 2021):

Hi @CodeCrafter912,
Just to confirm, your BookStack instance is a mix of public and non-public information?

@ssddanbrown commented on GitHub (Mar 2, 2021): Hi @CodeCrafter912, Just to confirm, your BookStack instance is a mix of public and non-public information?

OVERLORD commented

2026-02-05 03:04:51 +03:00

@dorianim commented on GitHub (Mar 2, 2021):

Hi @ssddanbrown
Yes, indeed :)

@dorianim commented on GitHub (Mar 2, 2021): Hi @ssddanbrown Yes, indeed :)

OVERLORD commented

2026-02-05 03:04:59 +03:00

@ssddanbrown commented on GitHub (Mar 3, 2021):

@CodeCrafter912 Thanks for confirming. The lack of distinction is done kind of on purpose to otherwise you're leaking the fact that the content exists. Even if we did do this, we won't know if the user will be able to view the content once logged in so the auto-redirect to login could cause more confusion in those cases.

We've tried to hint to users within this view with the text that shows:

If you expected this page to exist, you might not have permission to view it.

We also show the login button as one of the primary actions as a further hint.

If customizing the 404 page HTML would help I can provide some guidance how to do so using the theme system. Just let me know.

@ssddanbrown commented on GitHub (Mar 3, 2021): @CodeCrafter912 Thanks for confirming. The lack of distinction is done kind of on purpose to otherwise you're leaking the fact that the content exists. Even if we did do this, we won't know if the user will be able to view the content once logged in so the auto-redirect to login could cause more confusion in those cases. We've tried to hint to users within this view with the text that shows: > If you expected this page to exist, you might not have permission to view it. We also show the login button as one of the primary actions as a further hint. If customizing the 404 page HTML would help I can provide some guidance how to do so [using the theme system](https://www.bookstackapp.com/docs/admin/hacking-bookstack/#theme-system). Just let me know.

OVERLORD commented

2026-02-05 03:05:05 +03:00

@dorianim commented on GitHub (Mar 3, 2021):

Hi @ssddanbrown
I understand that this is unfortunate. But modifying the 404 page might hlep indeed, I will look into that, thanks :)

@dorianim commented on GitHub (Mar 3, 2021): Hi @ssddanbrown I understand that this is unfortunate. But modifying the 404 page might hlep indeed, I will look into that, thanks :)

OVERLORD commented

2026-02-05 03:05:13 +03:00

@dorianim commented on GitHub (Mar 4, 2021):

Alright, so I modified the theme in a way that makes the situation more clear for our users.
Would it be possible to pass some GET parameter to /login which contains the redirect URL?
This way I could create a URL which directs users to the login and to the desired page afterwards.
How is this done currently? Using the Referrer Header?
Thanks for your efforts :)

@dorianim commented on GitHub (Mar 4, 2021): Alright, so I modified the theme in a way that makes the situation more clear for our users. Would it be possible to pass some GET parameter to `/login` which contains the redirect URL? This way I could create a URL which directs users to the login and to the desired page afterwards. How is this done currently? Using the Referrer Header? Thanks for your efforts :)

OVERLORD commented

2026-02-05 03:05:19 +03:00

@dorianim commented on GitHub (Mar 4, 2021):

Another option would be to simply @include('auth.forms.login.ldap') the login form into the 404 page, but for doing that I would also need some way to tell BookStack not to redirect to / after a successful login. Is that somehow possible?

@dorianim commented on GitHub (Mar 4, 2021): Another option would be to simply `@include('auth.forms.login.ldap')` the login form into the 404 page, but for doing that I would also need some way to tell BookStack not to redirect to / after a successful login. Is that somehow possible?

OVERLORD commented

2026-02-05 03:05:24 +03:00

@ssddanbrown commented on GitHub (Mar 5, 2021):

How is this done currently? Using the Referrer Header?

Yeah, This should already work right now, as long as you lead users directly to the login page. The login route re-stores the previous page URL to allow follow-on redirect to the previous location. Just tested on the demo site and seems to work as detailed.

@ssddanbrown commented on GitHub (Mar 5, 2021): > How is this done currently? Using the Referrer Header? Yeah, This should already work right now, as long as you lead users directly to the login page. The login route re-stores the previous page URL to allow follow-on redirect to the previous location. Just tested on the demo site and seems to work as detailed.

OVERLORD commented

2026-02-05 03:05:29 +03:00

@dorianim commented on GitHub (Mar 5, 2021):

I found a perfect solution for me:
I simply included the login form into the 404 component and manually set the url.intended session parameter to redirect to the page I want:

    <div class="card container small mb-xl px-l pb-l pt-l">
        <div class="v-center">
            <div>
                @if(signedInUser())
                    <h1 class="list-heading">{{ $message ?? trans('errors.404_page_not_found') }}</h1>
                    <h5>{{ trans('errors.sorry_page_not_found') }}</h5>
                @else
                    <h1>{{ trans('errors.401_permission_denied') }}</h1>
                    <h5>{{ trans('errors.please_sign_in') }}</h5>
                    @include('auth.forms.login.ldap')
                    @php
                        Session::put('url.intended', URL::current());
                    @endphp
                @endif

                <a href="{{ url('/') }}" class="button outline">{{ trans('errors.return_home') }}</a>
            </div>
        </div>
    </div>

This works for me and I understand that you don't want to build this into the official version, so I am closing this issue.
The theme engine is great by the way! 😃

@dorianim commented on GitHub (Mar 5, 2021): I found a perfect solution for me: I simply included the login form into the 404 component and manually set the `url.intended` session parameter to redirect to the page I want: ``` <div class="card container small mb-xl px-l pb-l pt-l"> <div class="v-center"> <div> @if(signedInUser()) <h1 class="list-heading">{{ $message ?? trans('errors.404_page_not_found') }}</h1> <h5>{{ trans('errors.sorry_page_not_found') }}</h5> @else <h1>{{ trans('errors.401_permission_denied') }}</h1> <h5>{{ trans('errors.please_sign_in') }}</h5> @include('auth.forms.login.ldap') @php Session::put('url.intended', URL::current()); @endphp @endif <a href="{{ url('/') }}" class="button outline">{{ trans('errors.return_home') }}</a> </div> </div> </div> ``` This works for me and I understand that you don't want to build this into the official version, so I am closing this issue. The theme engine is great by the way! :smiley:

OVERLORD commented

2026-02-05 03:05:32 +03:00

@ssddanbrown commented on GitHub (Mar 6, 2021):

@CodeCrafter912 Awesome, Good to see someone put the theme system to good use. Just keep in mind that the views are not considered stable so you may want to quickly check any customizations are working after any updates.

Going forward I want to slowly break the views down into smaller blocks for easier & more selective overriding.

@ssddanbrown commented on GitHub (Mar 6, 2021): @CodeCrafter912 Awesome, Good to see someone put the theme system to good use. Just keep in mind that the views are not considered stable so you may want to quickly check any customizations are working after any updates. Going forward I want to slowly break the views down into smaller blocks for easier & more selective overriding.

Sign in to join this conversation.

Branches Tags

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/BookStack#2138