[PR #1817] [MERGED] Recall intended route when manually clicking login #5899

New Issue

OVERLORD · 2026-02-05T10:19:53+03:00

OVERLORD commented

2026-02-05 10:19:53 +03:00

📋 Pull Request Information

Original PR: https://github.com/BookStackApp/BookStack/pull/1817
Author: @Xiphoseer
Created: 12/14/2019
Status: ✅ Merged
Merged: 3/14/2020
Merged by: @ssddanbrown

Base: master ← Head: feature/public-login-redirect

📝 Commits (1)

afa501e Recall previous route when manually clicking login

📊 Changes

2 files changed (+5 additions, -1 deletions)

View changed files

📝 app/Http/Controllers/Auth/LoginController.php (+4 -0)
📝 resources/views/common/header.blade.php (+1 -1)

📄 Description

Currently, for a non-public BookStack instance, the Authenticate Middleware sets the url.intended session key when accessing any link while not logged in, which tells the login procedure to redirect there after login.

A public BookStack instance will not exhibit this behavior for pages which require additional permissions, as a common 404 is returned (which is the correct thing to do). With these changes, the view at /login recognizes an optional query parameter intended and sets the intended redirect URL when present.

Our use-case is sharing links to a partially public BookStack instance with our team via E-Mail which they currently need to click twice if they are not already logged in.

In the future it may also be useful to redirect a not-logged-in user to the login page with intended set instead of the root when accessing URLs like /settings.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/BookStackApp/BookStack/pull/1817 **Author:** [@Xiphoseer](https://github.com/Xiphoseer) **Created:** 12/14/2019 **Status:** ✅ Merged **Merged:** 3/14/2020 **Merged by:** [@ssddanbrown](https://github.com/ssddanbrown) **Base:** `master` ← **Head:** `feature/public-login-redirect` --- ### 📝 Commits (1) - [`afa501e`](https://github.com/BookStackApp/BookStack/commit/afa501e75b481651b7b520f449bb768dc5949ddc) Recall previous route when manually clicking login ### 📊 Changes **2 files changed** (+5 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `app/Http/Controllers/Auth/LoginController.php` (+4 -0) 📝 `resources/views/common/header.blade.php` (+1 -1) </details> ### 📄 Description Currently, for a non-public BookStack instance, the [Authenticate Middleware](https://github.com/BookStackApp/BookStack/blob/02af69ddf29e0a2d03cc3a8660bfca9a65175afc/app/Http/Middleware/Authenticate.php#L44) sets the `url.intended` session key when accessing any link while not logged in, which tells the [login procedure](https://github.com/BookStackApp/BookStack/blob/02af69ddf29e0a2d03cc3a8660bfca9a65175afc/app/Http/Controllers/Auth/LoginController.php#L110) to redirect there after login. A public BookStack instance will not exhibit this behavior for pages which require additional permissions, as a common 404 is returned (which is the correct thing to do). With these changes, the view at `/login` recognizes an optional query parameter `intended` and sets the intended redirect URL when present. Our use-case is sharing links to a partially public BookStack instance with our team via E-Mail which they currently need to click twice if they are not already logged in. In the future it may also be useful to redirect a not-logged-in user to the login page with `intended` set instead of the root when accessing URLs like `/settings`. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

OVERLORD added the pull-request label 2026-02-05 10:19:53 +03:00

OVERLORD closed this issue

2026-02-05 10:19:57 +03:00

OVERLORD referenced this issue

2026-02-05 10:36:13 +03:00

[PR #5899] [MERGED] Exports: Updated perm checking for images in ZIP exports #6588

Sign in to join this conversation.