From c98cb5c8348bf09eb59383f906e2ce9bef9656c3 Mon Sep 17 00:00:00 2001
From: Thomas Rittson <trittson@bitwarden.com>
Date: Thu, 26 May 2022 12:07:08 +1000
Subject: [PATCH] Make routing guards redirect relative to root

---
 angular/src/guards/auth.guard.ts   | 20 ++++++++++++++++----
 angular/src/guards/lock.guard.ts   | 10 +++++++---
 angular/src/guards/unauth.guard.ts | 12 ++++++++----
 3 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/angular/src/guards/auth.guard.ts b/angular/src/guards/auth.guard.ts
index 355f797b..5615bfcf 100644
--- a/angular/src/guards/auth.guard.ts
+++ b/angular/src/guards/auth.guard.ts
@@ -1,5 +1,11 @@
 import { Injectable } from "@angular/core";
-import { ActivatedRouteSnapshot, CanActivate, Router, RouterStateSnapshot } from "@angular/router";
+import {
+  ActivatedRoute,
+  ActivatedRouteSnapshot,
+  CanActivate,
+  Router,
+  RouterStateSnapshot,
+} from "@angular/router";
 
 import { AuthService } from "jslib-common/abstractions/auth.service";
 import { KeyConnectorService } from "jslib-common/abstractions/keyConnector.service";
@@ -12,7 +18,8 @@ export class AuthGuard implements CanActivate {
     private authService: AuthService,
     private router: Router,
     private messagingService: MessagingService,
-    private keyConnectorService: KeyConnectorService
+    private keyConnectorService: KeyConnectorService,
+    private activatedRoute: ActivatedRoute
   ) {}
 
   async canActivate(route: ActivatedRouteSnapshot, routerState: RouterStateSnapshot) {
@@ -27,14 +34,19 @@ export class AuthGuard implements CanActivate {
       if (routerState != null) {
         this.messagingService.send("lockedUrl", { url: routerState.url });
       }
-      return this.router.createUrlTree(["lock"], { queryParams: { promptBiometric: true } });
+      return this.router.createUrlTree(["lock"], {
+        queryParams: { promptBiometric: true },
+        relativeTo: this.activatedRoute.root,
+      });
     }
 
     if (
       !routerState.url.includes("remove-password") &&
       (await this.keyConnectorService.getConvertAccountRequired())
     ) {
-      return this.router.createUrlTree(["/remove-password"]);
+      return this.router.createUrlTree(["/remove-password"], {
+        relativeTo: this.activatedRoute.root,
+      });
     }
 
     return true;
diff --git a/angular/src/guards/lock.guard.ts b/angular/src/guards/lock.guard.ts
index 05f2bac6..40e02a45 100644
--- a/angular/src/guards/lock.guard.ts
+++ b/angular/src/guards/lock.guard.ts
@@ -1,5 +1,5 @@
 import { Injectable } from "@angular/core";
-import { CanActivate, Router } from "@angular/router";
+import { ActivatedRoute, CanActivate, Router } from "@angular/router";
 
 import { AuthService } from "jslib-common/abstractions/auth.service";
 import { AuthenticationStatus } from "jslib-common/enums/authenticationStatus";
@@ -8,7 +8,11 @@ import { AuthenticationStatus } from "jslib-common/enums/authenticationStatus";
 export class LockGuard implements CanActivate {
   protected homepage = "vault";
   protected loginpage = "login";
-  constructor(private authService: AuthService, private router: Router) {}
+  constructor(
+    private authService: AuthService,
+    private router: Router,
+    private activatedRoute: ActivatedRoute
+  ) {}
 
   async canActivate() {
     const authStatus = await this.authService.getAuthStatus();
@@ -20,6 +24,6 @@ export class LockGuard implements CanActivate {
     const redirectUrl =
       authStatus === AuthenticationStatus.LoggedOut ? [this.loginpage] : [this.homepage];
 
-    return this.router.createUrlTree([redirectUrl]);
+    return this.router.createUrlTree([redirectUrl], { relativeTo: this.activatedRoute.root });
   }
 }
diff --git a/angular/src/guards/unauth.guard.ts b/angular/src/guards/unauth.guard.ts
index 3335d636..71d7d737 100644
--- a/angular/src/guards/unauth.guard.ts
+++ b/angular/src/guards/unauth.guard.ts
@@ -1,5 +1,5 @@
 import { Injectable } from "@angular/core";
-import { CanActivate, Router } from "@angular/router";
+import { ActivatedRoute, CanActivate, Router } from "@angular/router";
 
 import { AuthService } from "jslib-common/abstractions/auth.service";
 import { AuthenticationStatus } from "jslib-common/enums/authenticationStatus";
@@ -7,7 +7,11 @@ import { AuthenticationStatus } from "jslib-common/enums/authenticationStatus";
 @Injectable()
 export class UnauthGuard implements CanActivate {
   protected homepage = "vault";
-  constructor(private authService: AuthService, private router: Router) {}
+  constructor(
+    private authService: AuthService,
+    private router: Router,
+    private activatedRoute: ActivatedRoute
+  ) {}
 
   async canActivate() {
     const authStatus = await this.authService.getAuthStatus();
@@ -17,9 +21,9 @@ export class UnauthGuard implements CanActivate {
     }
 
     if (authStatus === AuthenticationStatus.Locked) {
-      return this.router.createUrlTree(["lock"]);
+      return this.router.createUrlTree(["lock"], { relativeTo: this.activatedRoute.root });
     }
 
-    return this.router.createUrlTree([this.homepage]);
+    return this.router.createUrlTree([this.homepage], { relativeTo: this.activatedRoute.root });
   }
 }