Server side decides where to redirect

packages/app/src/components/LoginForm.tsx

@@ -2,7 +2,6 @@ import React, {
   useState, useEffect, useCallback,
 } from 'react';
 
-import { USER_STATUS } from '@growi/core';
 import { useTranslation } from 'next-i18next';
 import { useRouter } from 'next/router';
 import ReactCardFlip from 'react-card-flip';
@@ -95,16 +94,12 @@ export const LoginForm = (props: LoginFormProps): JSX.Element => {
 
     try {
       const res = await apiv3Post('/login', { loginForm });
-      const { redirectTo, userStatus } = res.data;
+      const { redirectTo } = res.data;
 
       if (redirectTo != null) {
         return router.push(redirectTo);
       }
 
-      if (userStatus !== USER_STATUS.ACTIVE) {
-        window.location.href = '/';
-      }
-
       return router.push('/');
     }
     catch (err) {

packages/app/src/server/routes/login-passport.js

@@ -120,17 +120,23 @@ module.exports = function(crowi, app) {
 
     await crowi.activityService.createActivity(parameters);
 
-    if (isExternalAccount) {
-      return res.redirect(res.locals.redirectTo ?? '/');
-    }
 
-    // check for redirection to '/invited'
-    const redirectTo = req.user.status === User.STATUS_INVITED ? '/invited' : req.session.redirectTo;
+    let redirectTo = '/';
+    if (req.user.status === User.STATUS_INVITED) {
+      redirectTo = '/invited';
+    }
+    else if (req.user.status !== User.STATUS_ACTIVE) {
+      redirectTo = '/';
+    }
+    else if (res.locals.redirectTo != null) {
+      redirectTo = res.locals.redirectTo;
+    }
 
-    // remove session.redirectTo
-    delete req.session.redirectTo;
+    if (isExternalAccount) {
+      return res.redirect(redirectTo);
+    }
 
-    return res.apiv3({ redirectTo, userStatus: req.user.status });
+    return res.apiv3({ redirectTo });
   };
 
   const injectRedirectTo = (req, res, next) => {