Improve bit Boilerplate sign-in process (#11113)

[ysmoradi]

closes #11113

Summary by CodeRabbit

• Bug Fixes

  • Improved cookie handling to ensure proper removal and storage by explicitly setting the cookie domain, enhancing sign-in and cache-clearing reliability.

• Refactor

  • Centralized and streamlined the logic for handling return URLs during the sign-in process, providing more consistent navigation after authentication.
  • Updated internal parameter naming for better clarity in the sign-in modal and panel.

[coderabbitai]

Walkthrough

The changes update the handling of return URLs in the sign-in flow, introduce a new ReturnUrl parameter, and centralize its logic in the SignInPanel component. Additionally, cookie operations in authentication and diagnostics now explicitly set the domain to the server's host when storing or removing cookies.

Changes

File(s)	Change Summary
.../Components/Layout/Diagnostic/AppDiagnosticModal.razor.Utils.cs	Updated ClearCache to set the cookie domain to the server's host when removing cookies.
.../Services/AuthManager.cs	Replaced ITelemetryContext with AbsoluteServerAddressProvider; set cookie domain to server host in methods.
.../Pages/Identity/SignIn/SignInModal.razor	Changed property passed to SignInPanel from ReturnUrlQueryString to ReturnUrl.
.../Pages/Identity/SignIn/SignInPanel.razor	Updated links to use GetReturnUrl() for encoding return URLs.
.../Pages/Identity/SignIn/SignInPanel.razor.cs	Added [Parameter] public string? ReturnUrl { get; set; }; centralized return URL logic in GetReturnUrl().

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant SignInModal
    participant SignInPanel
    participant AuthManager
    participant Server

    User->>SignInModal: Opens sign-in modal
    SignInModal->>SignInPanel: Passes ReturnUrl parameter
    User->>SignInPanel: Submits credentials
    SignInPanel->>AuthManager: Calls sign-in with credentials and GetReturnUrl()
    AuthManager->>Server: Authenticates user
    Server-->>AuthManager: Returns tokens
    AuthManager->>AuthManager: Stores tokens (sets cookie with domain)
    AuthManager-->>SignInPanel: Sign-in result
    SignInPanel->>User: Navigates to GetReturnUrl()

Loading

Assessment against linked issues

Objective	Addressed	Explanation
Improve and centralize return URL handling in sign-in flow (#11113)	✅
Add ReturnUrl parameter and use it in SignInPanel (#11113)	✅
Ensure proper domain is set when storing/removing cookies in authentication and diagnostics (#11113)	✅

Poem

A bunny hopped through code so neat,
Tidying sign-in’s winding street.
With cookies set on proper ground,
And return URLs now clearly found.
From modal to panel, the logic aligned—
This rabbit’s work, robustly designed!
🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai auto-generate unit tests to generate unit tests for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[Copilot]

Pull Request Overview

This PR enhances the sign-in flow by properly setting cookie domains and unifying return URL logic across components.

• Injects AbsoluteServerAddressProvider into AuthManager (and diagnostic modal utils) to set cookie Domain dynamically
• Introduces a GetReturnUrl helper and adds a new ReturnUrl parameter to SignInPanel, replacing direct use of query-string-only logic
• Updates SignInModal and Razor markup to pass and use the new ReturnUrl parameter

Reviewed Changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
AuthManager.cs	Injects and uses AbsoluteServerAddressProvider for cookie domain
SignInPanel.razor.cs	Adds ReturnUrl param and GetReturnUrl method, updates calls
SignInPanel.razor	Switches link Hrefs to use GetReturnUrl()
SignInModal.razor	Passes new ReturnUrl parameter instead of query-string property
AppDiagnosticModal.razor.Utils.cs	Applies same cookie-domain injection pattern

Comments suppressed due to low confidence (4)

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Services/AuthManager.cs:23

• [nitpick] The field name absoluteServerAddress is a provider; consider renaming it to absoluteServerAddressProvider for clarity and consistency with other injected services.

    [AutoInject] private AbsoluteServerAddressProvider absoluteServerAddress = default!;

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Services/AuthManager.cs:18

• The telemetryContext injection has been removed; verify that ITelemetryContext is no longer used in this class or restore the injection to avoid runtime errors or missing telemetry.

    [AutoInject] private IAuthTokenProvider tokenProvider = default!;

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Pages/Identity/SignIn/SignInPanel.razor.cs:21

• [nitpick] Add an XML doc comment above GetReturnUrl to explain its fallback order (parameter → query string → home page) for future maintainers.

    private string GetReturnUrl() => ReturnUrl ?? ReturnUrlQueryString ?? Urls.HomePage;

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Pages/Identity/SignIn/SignInPanel.razor.cs:21

• [nitpick] Consider adding unit tests for GetReturnUrl to cover scenarios when ReturnUrl, ReturnUrlQueryString, or neither is set, ensuring fallback logic behaves as expected.

    private string GetReturnUrl() => ReturnUrl ?? ReturnUrlQueryString ?? Urls.HomePage;

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
Knowledge Base: Disabled due to Reviews > Disable Knowledge Base setting

📥 Commits

Reviewing files that changed from the base of the PR and between da417ce and 516fa13.

📒 Files selected for processing (5)

• src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Layout/Diagnostic/AppDiagnosticModal.razor.Utils.cs (1 hunks)
• src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Pages/Identity/SignIn/SignInModal.razor (1 hunks)
• src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Pages/Identity/SignIn/SignInPanel.razor (2 hunks)
• src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Pages/Identity/SignIn/SignInPanel.razor.cs (5 hunks)
• src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Services/AuthManager.cs (3 hunks)

🧰 Additional context used

🧬 Code Graph Analysis (1)

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Services/AuthManager.cs (1)

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Services/AbsoluteServerAddressProvider.cs (1)

• AbsoluteServerAddressProvider (10-28)

🔇 Additional comments (12)

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Pages/Identity/SignIn/SignInModal.razor (1)

14-14: LGTM! Parameter name updated to align with refactoring.

The parameter name change from ReturnUrlQueryString to ReturnUrl is consistent with the new parameter introduced in SignInPanel and maintains the same functionality.

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Pages/Identity/SignIn/SignInPanel.razor (2)

74-74: LGTM! Centralized return URL handling for forgot password link.

The change to use GetReturnUrl() method instead of direct property access provides consistent return URL handling with proper fallback logic.

---

144-144: LGTM! Centralized return URL handling for sign up link.

The change to use GetReturnUrl() method instead of direct property access ensures consistent return URL handling throughout the component.

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Components/Pages/Identity/SignIn/SignInPanel.razor.cs (6)

21-21: LGTM! Well-designed centralized return URL logic.

The GetReturnUrl() method provides a clean fallback hierarchy: parameter → query string → default home page. This centralizes the logic and makes it easy to maintain.

---

23-24: LGTM! New parameter enhances flexibility.

The new ReturnUrl parameter allows for more flexible return URL handling, enabling both programmatic and query string-based return URL specification.

---

144-144: LGTM! Consistent return URL handling in sign-in flow.

Using GetReturnUrl() ensures the model gets the correct return URL based on the centralized logic.

---

188-188: LGTM! Consistent navigation after successful sign-in.

Using GetReturnUrl() for navigation ensures users are redirected to the correct location after successful authentication.

---

248-248: LGTM! Consistent return URL for social sign-in.

Using GetReturnUrl() ensures social sign-in redirects follow the same return URL logic as other authentication methods.

---

324-324: LGTM! Consistent return URL for OTP flow.

Using GetReturnUrl() ensures the OTP flow maintains consistent return URL handling throughout the authentication process.

src/Templates/Boilerplate/Bit.Boilerplate/src/Client/Boilerplate.Client.Core/Services/AuthManager.cs (3)

23-23: LGTM: Proper dependency injection.

The addition of AbsoluteServerAddressProvider injection is correctly implemented and will be used to ensure consistent cookie domain handling.

---

64-64: LGTM: Consistent cookie domain setting.

Explicitly setting the cookie domain when storing the access token ensures proper cookie scoping and security. The implementation correctly uses the server host from the injected provider.

---

227-227: LGTM: Consistent cookie domain setting for removal.

The cookie removal operation now properly specifies the domain, ensuring the cookie is removed from the correct domain. This mirrors the domain setting used when storing the cookie.