Redirect after login?

glassdimly

Here's the workflow I want:

I am a new user, I wish to post a reply.
I click "Log in to reply"
I create a new account
I am redirected back to the post from which I clicked "Log in to reply"

It would seem to me that this is a common use case and that I wouldn't need to hack on NodeBB to accomplish this, yet I haven't found a plugin, setting, or detail in a forum post to accomplish this.

Since this is so common and since I'm new to NodeBB, surely someone has done this--could that person share their code or even their basic technical approach?

Thanks!

gotwf

@glassdimly I dummo. One thing for sure is such a workflow facilitates bot hacker types exploiting your site. Of course there are captcha modules and such to mitigate this to some degree. I was just thinking, however, that sometimes offering the lowest hanging fruit for new user signup and posting is not always all it is cracked up to be.... Particularly if you reside somewhere that may be having an election any time soon.

glassdimly

@gotwf The problem is this is for non-technical people. So it's a balance.

gotwf

Not sure. I have some pretty low tech members but they manage to figure it out well enough to get by. I think key success points are having clearly outlined processes in a prominently displayed FAQ, coupled with good helpers, who may not necessarily be overly technical themselves, but are long on patience and kindness. IOW, the unsung heros of many communities, both online and in the real.

It is important to understand what your use case is, and admittedly I do not. I do know that community and social sites are being targeted at unprecedented levels by state sponsored cyber warfare. Keeping the onslaught of bots at bay requires concerted effort and the bar keeps needing to be raised.

The use case you desire is only a small variance from what presently is the case (at least to my reading): Removal of the email verification step. Definitely lowers the bar for the more easily befuddled. But in so doing you have also essentially removed the bar for bot accounts. How now, will you verify/vett new user accounts? A few possibilities:

No vetting. This is already accommodated in the admin UI.
Parse input and presume that if it looks like an email address then it is a legitimate email address.
Verify email is able to be sent to said address.
Verify email is able to be received at said address.

Even #4 , which is where you are at now, will still result in bots and sock puppet accounts. NodeBB has some plugin modules designed to help mitigate such but even still, these pesky buggers are persistent and AI is advancing rapidly.

It is also important to understand what kind of scale you are anticipating. Oversight of a small site of twenty or thirty closely knit members is easy to manage. Up the ante to a couple thousand and those tactics become untenable.

Be that as it may, only you can judge and assess best for your use case. I am just tossin' out some considerations that may or may not apply.

glassdimly

Hi @gotwf,

Thank you for your input, and I hear you. Currently, client wants to let users log in and post immediately--and to be clear that's already configured and done, an option in NodeBB. If we get spam, easy to change. We also have good mods.

The only thing I need here is that I want them to be redirected to the page from which they started. I could write a cookie or something, or maybe make a query string deal. I could even track down the login button and try to ajaxify it. But I'm sure others have done this, so I thought I'd ask.

The question is the same whether someone registers or logs in: I want them to be redirected back to the page from which they clicked "Log in to post".

In other systems, namely Drupal, this is what happens, which is why as a dev I think it's important.

Users also expect this. They don't want to hit the back button to get to where they were before. Some low-tech users like grandmas just get confused at that point.

PitaJ

@glassdimly that should be the current behavior. I believe it is a bug that it doesn't behave abusing to your expectations. Will you open a bug on GitHub?

gotwf

@glassdimly Just for my own clarification:

You are skipping the email validation all together then?
After registration users remain parked at sign up and not redirected to the page from which they initially hit reply?

Okay. I was not referencing spam so much as sock puppet bots. Maybe watch The Great Hack documentary if you've not already.

This is more along the lines of the kind of stuff I am referencing. It's pretty rampant. But I also come to this from a systems background, reviled far and wide for mercilessly spoiling developers' bliss.... Regular Bastard Operators From Hell, we are.

Apologies for my feeble reading comprehension. Have fun and good luck!

glassdimly

Yeah, thinking about that problem now. I don't care if people post w/o verification (we'll see if that's a problem), but what I DON'T want is notifications sent to unverified email addresses. That would ruin our smtp status.

gotwf

I try not to succumb to the Chicken Little Syndrome but the situation is pretty bad. I know folks managing forums (using other offerings) who have had to resort to an "admin approval" step for new user sign up. They do revel in identity politics though, and hence a juicy target.

Cutting to the chase: You are at least aware, so you are already one step ahead of many. Analyze your pro/cons accordingly for your use case. NodeBB rocks. I've got some tricks up my sleeve out in front of it but NodeBB has thus far served me quite well. I rate it as one of the best FOSS projects I have used. Especially in recent memory. Hence, you've already got it eighty percent correct. Now yer' just tweakin' knobs...

glassdimly

Here's what I ended up doing. Feels reeealy hacky.

in footer.tpl

window.addEventListener('DOMContentLoaded', function () {
			$(window).on('action:ajaxify.contentLoaded', function(data) {
				// attach to all login/reg buttons except for the login and register buttons on the login page.
				$("a[href$='/login'], a[href$='/register']").not('#login').not('#login__no-acct').each(function(i, el){
					$(el).off('click').on('click', function(){
						window.setCookie('login:referrer', window.location.href, 10);
					});
				});
			});
		});
	</script>

in profile.tpl

<script>
	var referrer = window.getCookie('login:referrer');

	if (referrer && window.getCookie('login:shouldRedirect')) {
		window.setCookie('login:shouldRedirect', '', 0)
		window.setCookie('login:referrer', '', 0)
		window.location.href = referrer;
	}
</script>

in registerComplete.tpl

<script>
	window.setCookie('login:shouldRedirect', 'true', 10);
</script>

...and attaching setCookie/getCookie on window in header.

Probably could do this all with client-side hooks now that I understand them though.