heisbuba
diff --git a/‎src/blueprints/auth.py‎
Lines changed: 21 additions & 4 deletions b/‎src/blueprints/auth.py‎
Lines changed: 21 additions & 4 deletions
@@ -11,14 +11,17 @@ def login_required(f):
     @functools.wraps(f)
     def decorated_function(*args, **kwargs):
         if 'user_id' not in session:
-            return redirect(url_for('auth.login'))
+            # Capture the full path the user was trying to access
+            return redirect(url_for('auth.login', next=request.full_path))
         return f(*args, **kwargs)
     return decorated_function
 
-# --- Routes ---
-
+# --- Login Route ---
 @auth_bp.route("/login", methods=["GET", "POST"])
 def login():
+    if 'user_id' in session:
+        return redirect(url_for('main.home'))
+
     if request.method == "POST":
         email = request.form.get("email")
         password = request.form.get("password")
@@ -27,10 +30,20 @@ def login():
             # Exchange password for auth token via Google Identity Toolkit
             url = f"https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key={FIREBASE_WEB_API_KEY}"
             resp = requests.post(url, json={"email": email, "password": password, "returnSecureToken": True})
+            
             if resp.status_code == 200:
+                # Activate the 30-day persistent session
                 session.permanent = True
                 session['user_id'] = resp.json()['localId']
-                return redirect(url_for('main.home'))
+                
+                # Retrieve the 'next' destination from the URL parameters
+                next_page = request.args.get('next')
+                
+                # Security Check: Ensure 'next_page' is a relative path (starts with /)
+                if not next_page or not next_page.startswith('/'):
+                    next_page = url_for('main.home')
+                
+                return redirect(next_page)
             else:
                 return render_template("auth/login.html", mode="login", error="Invalid email or password")
         else:
@@ -40,6 +53,9 @@ def login():
 
 @auth_bp.route("/register", methods=["GET", "POST"])
 def register():
+    if 'user_id' in session:
+        return redirect(url_for('main.home'))
+
     if request.method == "POST":
         email = request.form.get("email")
         password = request.form.get("password")
@@ -48,6 +64,7 @@ def register():
             url = f"https://identitytoolkit.googleapis.com/v1/accounts:signUp?key={FIREBASE_WEB_API_KEY}"
             resp = requests.post(url, json={"email": email, "password": password, "returnSecureToken": True})
             if resp.status_code == 200:
+                session.permanent = True
                 session['user_id'] = resp.json()['localId']
                 flash("Registration Successful! Welcome to the Toolkit.", "success")
                 return redirect(url_for('main.setup'))