Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Fix login redirects when metabot is enabled#73717

Open
npfitz wants to merge 1 commit intomastermetabase/metabase:masterfrom
uxw-3939-redirect-after-login-is-brokenmetabase/metabase:uxw-3939-redirect-after-login-is-brokenCopy head branch name to clipboard
Open

Fix login redirects when metabot is enabled#73717
npfitz wants to merge 1 commit intomastermetabase/metabase:masterfrom
uxw-3939-redirect-after-login-is-brokenmetabase/metabase:uxw-3939-redirect-after-login-is-brokenCopy head branch name to clipboard

Conversation

@npfitz
Copy link
Copy Markdown
Contributor

@npfitz npfitz commented May 6, 2026

Description

This issue came from the unauthenticated -> redirect logic at the API layer, rather than the route guard layer. When metabot is enabled and a user is unauthenticated, the App (and App Bar) are still mounted, causing use-user-metabot-permissions.ts to reach out to /user-permissions and get a 401. This caused a hard redirect to /auth/login without the redirect search param. The fix here is to only make this call if a user is logged in, though this is a class of bug that requires a broader solution to prevent in the future.

How to verify

  1. Set up Metabot and have it enabled on an instance
  2. Go to a question and copy that url
  3. sign out
  4. paste the copied url into the browser and hit enter
  5. You should see a redirect param in the url. Log in as usual
  6. You should be at the redirect page

Checklist

  • Tests have been added/updated to cover changes in this PR

@npfitz npfitz requested a review from a team May 6, 2026 07:52
@npfitz npfitz self-assigned this May 6, 2026
@npfitz npfitz requested a review from a team as a code owner May 6, 2026 07:52
@npfitz npfitz added the backport Automatically create PR on current release branch on merge label May 6, 2026
@metabase-bot metabase-bot Bot added the .Team/UXWest UX West - use for bugs and feature requests label May 6, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 6, 2026
edited
Loading

e2e tests failed on 9337f46bd6785d22eeb7c549167d3181058d2675-1

e2e test run

File Test Name
model-actions.cy.spec.js Write actions on model detail page (postgres) > should respect impersonated permission
source-replacement.cy.spec.ts scenarios > data-studio > source replacement > Native queries > replaces a table referenced in a native SQL question
usage-auditing.cy.spec.ts scenarios > metabot > usage auditing > renders usage stats charts for selected date shortcuts on conversations
usage-auditing.cy.spec.ts scenarios > metabot > usage auditing > renders usage stats charts for selected date shortcuts on tokens
dependency-unreferenced-list.cy.spec.ts scenarios > dependencies > unreferenced list > analysis > should not show referenced entities
usage-auditing.cy.spec.ts scenarios > metabot > usage auditing > renders usage stats charts for selected date shortcuts on messages
table-editing.cy.spec.ts scenarios > table-editing > table edit mode > should allow to view row details
native-database-source.cy.spec.js scenarios > question > native > database source > selecting a database in native editor for model actions should not persist the database
usage-auditing.cy.spec.ts scenarios > metabot > usage auditing > drills through from conversation charts to the conversations list and updates list filters
usage-auditing.cy.spec.ts scenarios > metabot > usage auditing > drills through from the conversations by day chart to the conversations list

kevinkelleher12
kevinkelleher12 approved these changes May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@kevinkelleher12 kevinkelleher12 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me. Did you think about adding redirects to the 401 handler in app-main.js? It seems like from the PR description you think this might be tricky, but it would be a more robust solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kevinkelleher12 kevinkelleher12 kevinkelleher12 approved these changes

At least 1 approving review is required to merge this pull request.

Assignees

@npfitz npfitz

Labels

backport Automatically create PR on current release branch on merge .Team/UXWest UX West - use for bugs and feature requests

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@npfitz @kevinkelleher12
Morty Proxy This is a proxified and sanitized view of the page, visit original site.