From a400018b66d3e2bea2933acc53251dbbbc113a13 Mon Sep 17 00:00:00 2001
From: pablohashescobar <nikhilschacko@gmail.com>
Date: Tue, 16 Sep 2025 10:19:32 +0530
Subject: [PATCH 1/2] refactor: remove base_host retrieval from authentication
 views

* Removed unnecessary base_host retrieval from GitHub, GitLab, and Google callback endpoints.
* Updated MagicSignUpEndpoint to use get_safe_redirect_url for URL construction.
* Refactored MagicSignInSpaceEndpoint to streamline URL redirection logic.
---
 apps/api/plane/authentication/views/app/github.py  | 1 -
 apps/api/plane/authentication/views/app/gitlab.py  | 1 -
 apps/api/plane/authentication/views/app/google.py  | 1 -
 apps/api/plane/authentication/views/app/magic.py   | 2 --
 apps/api/plane/authentication/views/space/magic.py | 8 +++++---
 5 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/apps/api/plane/authentication/views/app/github.py b/apps/api/plane/authentication/views/app/github.py
index 425f125499e..35c4d2121b9 100644
--- a/apps/api/plane/authentication/views/app/github.py
+++ b/apps/api/plane/authentication/views/app/github.py
@@ -60,7 +60,6 @@ class GitHubCallbackEndpoint(View):
     def get(self, request):
         code = request.GET.get("code")
         state = request.GET.get("state")
-        base_host = request.session.get("host")
         next_path = request.session.get("next_path")
 
         if state != request.session.get("state", ""):
diff --git a/apps/api/plane/authentication/views/app/gitlab.py b/apps/api/plane/authentication/views/app/gitlab.py
index e22911d32e2..b2e5da80f1c 100644
--- a/apps/api/plane/authentication/views/app/gitlab.py
+++ b/apps/api/plane/authentication/views/app/gitlab.py
@@ -61,7 +61,6 @@ class GitLabCallbackEndpoint(View):
     def get(self, request):
         code = request.GET.get("code")
         state = request.GET.get("state")
-        base_host = request.session.get("host")
         next_path = request.session.get("next_path")
 
         if state != request.session.get("state", ""):
diff --git a/apps/api/plane/authentication/views/app/google.py b/apps/api/plane/authentication/views/app/google.py
index aa65fa7fb62..cfa409ae519 100644
--- a/apps/api/plane/authentication/views/app/google.py
+++ b/apps/api/plane/authentication/views/app/google.py
@@ -62,7 +62,6 @@ class GoogleCallbackEndpoint(View):
     def get(self, request):
         code = request.GET.get("code")
         state = request.GET.get("state")
-        base_host = request.session.get("host")
         next_path = request.session.get("next_path")
 
         if state != request.session.get("state", ""):
diff --git a/apps/api/plane/authentication/views/app/magic.py b/apps/api/plane/authentication/views/app/magic.py
index 9be3693e55a..694fca6cb7b 100644
--- a/apps/api/plane/authentication/views/app/magic.py
+++ b/apps/api/plane/authentication/views/app/magic.py
@@ -160,8 +160,6 @@ def post(self, request):
                 error_message="USER_ALREADY_EXIST",
             )
             params = exc.get_error_dict()
-            if next_path:
-                params["next_path"] = str(next_path)
             url = get_safe_redirect_url(
                 base_url=base_host(request=request, is_app=True),
                 next_path=next_path,
diff --git a/apps/api/plane/authentication/views/space/magic.py b/apps/api/plane/authentication/views/space/magic.py
index 81ef6f77fa2..469e3c266cd 100644
--- a/apps/api/plane/authentication/views/space/magic.py
+++ b/apps/api/plane/authentication/views/space/magic.py
@@ -1,5 +1,3 @@
-from urllib.parse import urljoin, urlencode
-
 # Django imports
 from django.core.validators import validate_email
 from django.http import HttpResponseRedirect
@@ -106,7 +104,11 @@ def post(self, request):
             base_url = get_safe_redirect_url(
                 base_url=base_host(request=request, is_space=True), next_path=next_path
             )
-            url = urljoin(base_url, "?" + urlencode(params))
+            url = get_safe_redirect_url(
+                base_url=base_host(request=request, is_space=True),
+                next_path=next_path,
+                params=params,
+            )
             return HttpResponseRedirect(url)
 
 

From b136a0bffe7f77bfb7139d990be6d6088c849fb1 Mon Sep 17 00:00:00 2001
From: pablohashescobar <nikhilschacko@gmail.com>
Date: Tue, 16 Sep 2025 10:22:27 +0530
Subject: [PATCH 2/2] refactor: streamline URL redirection in
 MagicSignInSpaceEndpoint

* Removed redundant base_url retrieval from the exception handling in MagicSignInSpaceEndpoint.
* Enhanced the clarity of URL construction by directly using get_safe_redirect_url.
---
 apps/api/plane/authentication/views/space/magic.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/apps/api/plane/authentication/views/space/magic.py b/apps/api/plane/authentication/views/space/magic.py
index 469e3c266cd..0a5f2b42c95 100644
--- a/apps/api/plane/authentication/views/space/magic.py
+++ b/apps/api/plane/authentication/views/space/magic.py
@@ -101,9 +101,6 @@ def post(self, request):
 
         except AuthenticationException as e:
             params = e.get_error_dict()
-            base_url = get_safe_redirect_url(
-                base_url=base_host(request=request, is_space=True), next_path=next_path
-            )
             url = get_safe_redirect_url(
                 base_url=base_host(request=request, is_space=True),
                 next_path=next_path,