auth: redirect to the originally requested page after login (#1946)

[kaligrafy]

When an unauthenticated user opened a protected URL (e.g. an account verification link), PrivateRoute sent them to /login but did not remember where they came from, so after logging in they always landed on the home page and had to click the original link again.

The post-login redirect logic already existed: redirectAfterLogin reads location.state.referrer. PrivateRoute now supplies it, capturing the requested path and passing it as the login navigation state, so the user is sent back to the originally requested URL after authenticating.

Adds a unit test for the redirect state and a Playwright UI test reproducing the verify-link scenario, plus a reusable goToUrlTest helper.

closes #1946

Code by Claude Opus 4.8 Low thinking, reviewed by @kaligrafy

Summary by CodeRabbit

• New Features

  • Enhanced login redirect flow to preserve and return users to their originally requested page after authentication, instead of redirecting to the home page.

• Tests

  • Added comprehensive test coverage for authentication redirect behavior, including multiple protected URL variants and end-to-end login redirect scenarios.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2f1e4c1b-86e1-4a5c-9a0c-ab8192d6e9ee

📥 Commits

Reviewing files that changed from the base of the PR and between 5db56ec and 9399146.

📒 Files selected for processing (4)

• packages/chaire-lib-frontend/src/components/routers/PrivateRoute.tsx
• packages/chaire-lib-frontend/src/components/routers/__tests__/PrivateRoute.test.tsx
• packages/transition-frontend/ui-tests/login-redirect-tests.spec.ts
• packages/transition-frontend/ui-tests/testHelpers.ts

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: code-lint
• GitHub Check: build-and-run-UI-tests (24.x)
• GitHub Check: pr-build-check
• GitHub Check: build-and-test (24.x)
• GitHub Check: test-sequential (24.x)

🧰 Additional context used

📓 Path-based instructions (3)

**/*.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/project-rule.mdc)

**/*.{ts,tsx}: Use UUIDs as primary keys for most entities in the database
Use the Status/Result pattern from chaire-lib-common for service functions and handlers
Indent using 4 spaces
Do not use trailing spaces, even in comments or documentation; replace lines with only spaces with blank lines
Use parentheses for arrow function parameters
Document non-trivial functions and attributes using JSDoc or inline comments when short
Use Geographic data in GeoJSON format with coordinates as [longitude, latitude]
Use i18next and the t() function for all user-facing strings to support internationalization

Files:

• packages/chaire-lib-frontend/src/components/routers/__tests__/PrivateRoute.test.tsx
• packages/chaire-lib-frontend/src/components/routers/PrivateRoute.tsx
• packages/transition-frontend/ui-tests/login-redirect-tests.spec.ts
• packages/transition-frontend/ui-tests/testHelpers.ts

**/*.test.{ts,tsx}

📄 CodeRabbit inference engine (.cursor/rules/project-rule.mdc)

Favor parametric tests when more than one expect statement is used to simplify debugging of failed tests

Files:

• packages/chaire-lib-frontend/src/components/routers/__tests__/PrivateRoute.test.tsx

**/*.ts

📄 CodeRabbit inference engine (.cursor/rules/project-rule.mdc)

Use TypeScript strictly and avoid any types - maintain type safety throughout the application

Files:

• packages/transition-frontend/ui-tests/login-redirect-tests.spec.ts
• packages/transition-frontend/ui-tests/testHelpers.ts

🧠 Learnings (1)

📚 Learning: 2026-02-24T00:36:44.483Z

Learnt from: kaligrafy
Repo: chairemobilite/transition PR: 1779
File: packages/chaire-lib-backend/src/models/db/__tests__/propertyRegistry.db.test.ts:253-258
Timestamp: 2026-02-24T00:36:44.483Z
Learning: In test files, it is acceptable to use 'any' types for error handling and test scenarios. Reserve strict TypeScript typing for production code; in tests, prioritize pragmatic, readable test cases, and use 'any' only where it clearly improves test clarity or reduces boilerplate.

Applied to files:

• packages/chaire-lib-frontend/src/components/routers/__tests__/PrivateRoute.test.tsx
• packages/transition-frontend/ui-tests/login-redirect-tests.spec.ts

🔇 Additional comments (4)

packages/chaire-lib-frontend/src/components/routers/PrivateRoute.tsx (1)

8-8: LGTM!

Also applies to: 24-30, 48-48

packages/chaire-lib-frontend/src/components/routers/__tests__/PrivateRoute.test.tsx (1)

15-27: LGTM!

Also applies to: 29-41, 45-54

packages/transition-frontend/ui-tests/testHelpers.ts (1)

28-28: LGTM!

Also applies to: 103-112

packages/transition-frontend/ui-tests/login-redirect-tests.spec.ts (1)

12-43: LGTM!

---

Walkthrough

This PR adds referrer tracking to unauthenticated redirects in PrivateRoute. When users request a protected URL without authentication, the component now captures that URL (including query parameters and hash) and passes it via React Router navigation state to the /login redirect. This allows downstream login logic to return users to their originally requested page after successful authentication. The change includes unit tests verifying the referrer is preserved during redirect, a new test helper for URL navigation, and an end-to-end UI test validating the complete redirect flow.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: updating PrivateRoute to redirect users back to their originally requested page after login.
Linked Issues check	✅ Passed	The PR implementation directly addresses issue #1946 by capturing the requested path in PrivateRoute and passing it as referrer state to enable post-login redirect.
Out of Scope Changes check	✅ Passed	All changes are directly related to the login redirect objective: core PrivateRoute logic, unit tests, UI tests, and a supporting test helper. No unrelated modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}