Bugfix: redirect body

bin/run-tests

@@ -1,3 +1,3 @@
 #!/usr/bin/env bash
 
-clojure -M:test:cms -m kaocha.runner
+clojure -M:test:cms -m kaocha.runner $@

plugins/auth/systems/bread/alpha/plugin/auth.cljc

@@ -263,12 +263,12 @@
     (if (and protected? anonymous?)
       (assoc req
              :status 302
+             :body redirect-uri
              :headers (assoc headers "Location" redirect-uri))
       req)))
 
 (defmethod bread/action ::set-session
-  [{::bread/keys [data] :keys [params query-string session] :as res}
-   {:keys [max-failed-login-count require-mfa?]} _]
+  [{::bread/keys [data] :keys [params session] :as res} {:keys [require-mfa?]} _]
   (let [{{:keys [valid user]} :auth/result} data
         current-step (:auth/step session)
         login-step? (nil? current-step)
@@ -307,7 +307,7 @@
     (cond-> (-> res
                 (assoc :session session)
                 (assoc-in [::bread/data :session] session))
-      valid (assoc :status 302)
+      valid (assoc :status 302 :body redirect-to)
       valid (assoc-in [:headers "Location"] redirect-to)
       (not valid) (assoc :status 401))))
 
@@ -360,10 +360,11 @@
         {:valid valid :user user}))))
 
 (defmethod bread/action ::logout [res _ _]
-  (-> res
-      (assoc :session nil :status 302)
-      (assoc-in [::bread/data :session] nil)
-      (assoc-in [:headers "Location"] (bread/config res :auth/login-uri))))
+  (let [login-uri (bread/config res :auth/login-uri)]
+    (-> res
+        (assoc :session nil :status 302 :body login-uri)
+        (assoc-in [::bread/data :session] nil)
+        (assoc-in [:headers "Location"] login-uri))))
 
 (defmethod bread/action ::matches-protected-prefix?
   [{:keys [uri]} {:keys [protected-prefixes]} [protected?]]
@@ -420,10 +421,12 @@
 (defmethod bread/action ::=>logged-in
   [{:as req :keys [session]} {:keys [flash]} _]
   (if (:user session)
-    (assoc req
-           :status 302
-           :headers {"Location" (bread/hook req ::logged-in-uri "/")}
-           :flash flash)
+    (let [redirect-to (bread/hook req ::logged-in-uri "/")]
+      (assoc req
+             :status 302
+             :headers {"Location" redirect-to}
+             :flash flash
+             :body redirect-to))
     req))
 
 (defmethod bread/dispatch ::login=>
@@ -437,7 +440,6 @@
         logout? (= "logout" (:submit params))
         setup-two-factor? (= :setup-two-factor step)
         two-factor? (= :two-factor step)
-        redirect-to (get params (bread/config req :auth/next-param))
         username (if two-factor?
                    (:user/username (:auth/user session))
                    (:username params))

plugins/auth/systems/bread/alpha/plugin/signup.cljc

@@ -78,6 +78,7 @@
                                                 {:invitation/email [*]}]) .]
                                :in [$ ?code]
                                :where [[?e :invitation/code ?code]
+                                       ;; TODO expire code
                                        (not [?e :invitation/redeemer])]}
                              (sha-512 (:code params))]})
         expansions [{:expansion/key :config

src/systems/bread/alpha/component.cljc

@@ -128,10 +128,12 @@
       :else nil)))
 
 (defmethod bread/action ::render
-  [{::bread/keys [data] :as res} _ _]
-  (let [component (match res)
-        body (render component data)]
-    (assoc res :body body)))
+  [{:keys [::bread/data body] :as res} _ _]
+  (if body
+   res
+   (let [component (match res)
+         body (render component data)]
+     (assoc res :body body))))
 
 (defmethod bread/action ::hook-fn
   [req _ _]

src/systems/bread/alpha/defaults.cljc

@@ -1,7 +1,5 @@
 (ns systems.bread.alpha.defaults
   (:require
-    [ring.util.anti-forgery :refer [anti-forgery-field]]
-
     [systems.bread.alpha.core :as bread]
     [systems.bread.alpha.component :as component]
     [systems.bread.alpha.database :as db]
@@ -22,16 +20,6 @@
   {:config
    {:site/name site-name}})
 
-(defmethod bread/action ::anti-forgery
-  [{:as req :keys [anti-forgery-token]} _ _]
-  (-> req
-      (assoc-in [::bread/data :ring/anti-forgery-token] anti-forgery-token)
-      (assoc-in [::bread/data :ring/anti-forgery-token-field]
-                (fn anti-forgery-token-field []
-                  [:input {:type :hidden
-                           :name :__anti-forgery-token
-                           :value anti-forgery-token}]))))
-
 (defn plugins [{:keys [components db i18n routes site user]}]
   [(site-plugin site)
    (dispatcher/plugin)
@@ -47,7 +35,7 @@
        :action/description "Include standard Ring request data"}
       {:action/name ::config
        :action/description "Include global config in ::bread/data"}
-      {:action/name ::anti-forgery
+      {:action/name ::ring/anti-forgery
        :action/description "Include Ring anti-forgery utilities."}]
      ::bread/response
      [{:action/name ::ring/response

src/systems/bread/alpha/ring.cljc

@@ -89,6 +89,17 @@
   (let [renames (into {} (map (juxt identity (comp (partial keyword n) name)) (keys m)))]
     (clojure.set/rename-keys m renames)))
 
+(defmethod bread/action ::anti-forgery
+  [{:as req :keys [anti-forgery-token]} _ _]
+  (-> req
+      (assoc-in [::bread/data :ring/anti-forgery-token] anti-forgery-token)
+      (assoc-in [::bread/data :ring/anti-forgery-token-field]
+                (fn anti-forgery-token-field []
+                  (when anti-forgery-token
+                    [:input {:type :hidden
+                             :name :__anti-forgery-token
+                             :value anti-forgery-token}])))))
+
 (defmethod bread/action ::request-data
   [req _ _]
   (let [req-keys (bread/hook req ::request-keys [:content-length
@@ -127,7 +138,8 @@
         (assoc res
                :flash (or flash (:flash res))
                :status (if permanent? 301 302)
-               :headers headers))
+               :headers headers
+               :body to))
       res)))
 
 (defmethod bread/action ::effect-redirect effect->redirect