diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb index 80bbbf4cf..ebb5896da 100644 --- a/app/controllers/application_controller.rb +++ b/app/controllers/application_controller.rb @@ -53,6 +53,21 @@ def safe_return_url(url) url end + # Build a return_data hash from a continue URL, extracting known query + # params (like skip_setup_flow) so they survive auth redirects. + def build_return_data(continue_url) + url = safe_return_url(continue_url) + return {} if url.blank? + + data = { "url" => url } + query = Rack::Utils.parse_query(URI.parse(url).query.to_s) + data["skip_setup_flow"] = true if query.key?("skip_setup_flow") + data["button_text"] = query["button_text"] if query["button_text"].present? + data + rescue URI::InvalidURIError + { "url" => url } + end + def authenticate_user! unless user_signed_in? redirect_to signin_path(continue: request.fullpath), alert: "Please sign in first!" diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb index 1cde0c5df..52284e623 100644 --- a/app/controllers/sessions_controller.rb +++ b/app/controllers/sessions_controller.rb @@ -1,6 +1,6 @@ class SessionsController < ApplicationController def hca_new - session[:return_data] = { "url" => safe_return_url(params[:continue].presence) } if params[:continue].present? + session[:return_data] = build_return_data(params[:continue]) if params[:continue].present? Rails.logger.info("Sessions return data: #{session[:return_data]}") redirect_uri = url_for(action: :hca_create, only_path: false) @@ -71,7 +71,7 @@ def slack_create if slack_state&.dig("close_window") redirect_to close_window_path elsif @user.previously_new_record? - session[:return_data] = { "url" => continue_url } + session[:return_data] = build_return_data(continue_url) redirect_to my_wakatime_setup_path, notice: notice elsif continue_url.present? redirect_to continue_url, notice: notice # codeql[rb/url-redirection] @@ -234,9 +234,8 @@ def token valid_token.mark_used! reset_session session[:user_id] = valid_token.user_id - session[:return_data] = valid_token.return_data || {} - continue_url = safe_return_url(valid_token.continue_param) + session[:return_data] = (valid_token.return_data || {}).merge(build_return_data(continue_url)) if continue_url.present? redirect_to continue_url, notice: "Successfully signed in!" # codeql[rb/url-redirection] else diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 0d79c1b49..1ca8d5a2a 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -6,8 +6,15 @@ class UsersController < InertiaController before_action :require_admin, only: [ :update_trust_level ] def wakatime_setup - api_key = ensure_api_key + # Hardware-program users skip editor setup and go straight to the + # "you're all set" page (step 4). Persist the flag so it survives the + # redirect even when it arrived as a bare query param. + if session.dig(:return_data, "skip_setup_flow") || params[:skip_setup_flow].present? + session[:return_data] = (session[:return_data] || {}).merge("skip_setup_flow" => true) + return redirect_to my_wakatime_setup_step_4_path + end + api_key = ensure_api_key render inertia: "WakatimeSetup/Index", props: { current_user_api_key: api_key.token, setup_os: detect_setup_os(request.user_agent).to_s, @@ -28,7 +35,12 @@ def wakatime_setup_step_3 end def wakatime_setup_step_4 + hardware = session.dig(:return_data, "skip_setup_flow").present? + # Clear so it doesn't persist across future visits + session[:return_data]&.delete("skip_setup_flow") + render inertia: "WakatimeSetup/Step4", props: { + hardware: hardware, return_url: session.dig(:return_data, "url"), return_button_text: session.dig(:return_data, "button_text") || "Done" } diff --git a/app/javascript/pages/WakatimeSetup/Step4.svelte b/app/javascript/pages/WakatimeSetup/Step4.svelte index 95d443157..4cbef06c9 100644 --- a/app/javascript/pages/WakatimeSetup/Step4.svelte +++ b/app/javascript/pages/WakatimeSetup/Step4.svelte @@ -1,14 +1,17 @@ @@ -21,6 +24,33 @@
+ {#if hardware} +
+ +
+

+ No code editor setup needed +

+

+ Since you're joining through a hardware program, you don't need to + set up a code editor right now. If you'd like to connect one later, + you can always do so from + My Setup on your dashboard. +

+
+
+ {/if} +

You're all set!

@@ -45,7 +75,7 @@ rel="noreferrer" class="underline font-semibold" > - >Fraud page.