From 543070a94fd825e88f08d5cfd5946f9b25c70b38 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobi=20Sch=C3=A4fer?= <interface@p3k.org>
Date: Fri, 25 Apr 2025 15:47:02 +0200
Subject: [PATCH] Implement conditional redirect to root site after login

This way the account can be logged in to the default domain, too
---
 code/Members/Members.js | 18 +++++++++++++++++-
 code/Root/Root.js       | 18 ++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/code/Members/Members.js b/code/Members/Members.js
index 112b6f84..e3670076 100644
--- a/code/Members/Members.js
+++ b/code/Members/Members.js
@@ -202,7 +202,23 @@ Members.prototype.login_action = function() {
       }
 
       res.message = gettext('Welcome to {0}, {1}. Have fun!', res.handlers.site.getTitle(), user.name);
-      res.redirect(User.getLocation() || this._parent.href());
+
+      const location = User.getLocation() || this._parent.href();
+
+      // If the requested host is outside of the cookie domain, redirect and login to the root site, too
+      if (this._parent !== root && !req.getHeader("Host").includes(app.appsProperties.cookieDomain)) {
+        const token = java.util.UUID.randomUUID();
+        const digest = session.user.getDigest(token);
+        session.user.setMetadata('rootCookieToken', token);
+        res.redirect(
+          root.href('cookie')
+          + '?digest=' + encodeURIComponent(digest)
+          + '&name=' + encodeURIComponent(req.postParams.name)
+          + '&location=' + encodeURIComponent(location)
+        );
+      }
+
+      res.redirect(location);
     } catch (ex) {
       res.message = ex;
     }
diff --git a/code/Root/Root.js b/code/Root/Root.js
index 0207fea6..afe4efa3 100644
--- a/code/Root/Root.js
+++ b/code/Root/Root.js
@@ -94,6 +94,7 @@ Root.prototype.getPermission = function(action) {
   switch (action) {
     case '.':
     case 'main':
+    case 'cookie':
     case 'debug':
     case 'default.hook':
     case 'favicon.ico':
@@ -367,6 +368,23 @@ Root.prototype.mrtg_action = function() {
   return;
 }
 
+// Login to the root site if Members#login_action() redirects here
+// This way custom domains are getting the default domain cookie, too
+Root.prototype.cookie_action = function() {
+  if (req.data.digest && req.data.name) {
+    const user = User.getByName(req.data.name);
+    if (user) {
+      const token = user.getMetadata("rootCookieToken");
+      const digest = user.getDigest(token);
+      if (digest === req.data.digest) {
+        session.login(user);
+        user.deleteMetadata("rootCookieToken");
+      }
+    }
+  }
+  res.redirect(req.data.location || req.data.http_referer || root.href());
+};
+
 /**
  * Catch some undefined macro handlers, then delegate to the super prototype.
  * @param {String} name