Fix referral ID missing in hyperlinks for external login users #749
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: BenjaminMichaelis <[email protected]>
Co-authored-by: BenjaminMichaelis <[email protected]>
Copilot
AI
changed the title
[WIP] Hyperlinks are missing referrer id
Fix referral ID missing in hyperlinks for external login users
Jul 11, 2025
Copilot finished work on behalf of
BenjaminMichaelis
July 11, 2025 05:48
There was a problem hiding this comment.
Pull Request Overview
This PR ensures that users authenticated via external providers have their referral ID properly included in session claims to support referral tracking.
- Refreshes the sign-in session for existing external login users after adding the referral ID claim
- Moves referral ID assignment to before sign-in for new external login users
Comments suppressed due to low confidence (1)
EssentialCSharp.Web/Areas/Identity/Pages/Account/ExternalLogin.cshtml.cs:195
- There don't appear to be automated tests verifying that the referral ID claim is correctly added to both existing and new external login sessions. Adding integration or unit tests for these flows would help catch future regressions.
await referralService.EnsureReferralIdAsync(user);
| var user = await userManager.FindByLoginAsync(info.LoginProvider, info.ProviderKey); | ||
| if (user != null) | ||
| { | ||
| await referralService.EnsureReferralIdAsync(user); |
There was a problem hiding this comment.
[nitpick] The logic to ensure referral ID and then refresh or sign in the user is duplicated in both existing and new user flows. Consider extracting this into a shared helper method to reduce duplication and improve readability.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue
When users log in via external providers (GitHub, Microsoft), the
REFERRAL_IDJavaScript variable is null, causing copied hyperlinks to be missing referrer information. This breaks the referral tracking system for externally authenticated users.Root Cause
In the external login flow,
EnsureReferralIdAsyncwas called AFTER the user was already signed in. While this correctly adds the referral ID claim to the user's stored claims in the database, it doesn't update the currentHttpContext.User.Claimsfor the already-signed-in session.The flow was:
signInManager.ExternalLoginSignInAsync()HttpContext.User.Claimsis populated with existing claims (no referral ID)EnsureReferralIdAsync()adds referral ID to databaseHomeControllerreads null referral ID from current session claimsREFERRAL_ID = nullSolution
For existing users: Call
RefreshSignInAsync()afterEnsureReferralIdAsync()to refresh the current session's claims.For new users: Call
EnsureReferralIdAsync()BEFORE signing in the user so the referral ID is included from the start.Changes
await signInManager.RefreshSignInAsync(user);after ensuring referral ID for existing external login usersawait referralService.EnsureReferralIdAsync(user);before sign-in for new external login usersVerification
Now when users log in via external providers, their referral ID will be properly available in the
REFERRAL_IDJavaScript variable, ensuring copied hyperlinks include the correct referrer information.Fixes #742.
Warning
Firewall rules blocked me from connecting to one or more addresses
I tried to connect to the following addresses, but was blocked by firewall rules:
api.hcaptcha.com/home/REDACTED/.dotnet/dotnet exec --runtimeconfig /home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Debug/net9.0/EssentialCSharp.Web.Tests.runtimeconfig.json --depsfile /home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Debug/net9.0/EssentialCSharp.Web.Tests.deps.json /home/REDACTED/work/EssentialCSharp.Web/EssentialCSharp.Web/EssentialCSharp.Web.Tests/bin/Debug/net9.0/testhost.dll --port 44825 --endpoint 127.0.0.1:044825 --role client --parentprocessid 3952 --telemetryoptedin false(dns block)If you need me to access, download, or install something from one of these locations, you can either:
💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.