From 4de1c29538a46ed8f7e0b0fcc3a47db285760515 Mon Sep 17 00:00:00 2001
From: Hannah Wolfe <erisds@gmail.com>
Date: Sat, 16 May 2015 20:48:54 +0100
Subject: [PATCH] Password protect redirect optimisation

no issue

- Don't include r=%2F in the URL - we'll assume this is the default
- This is just a bit prettier
---
 core/server/middleware/middleware.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/core/server/middleware/middleware.js b/core/server/middleware/middleware.js
index 09e14d5897..e5205072c7 100644
--- a/core/server/middleware/middleware.js
+++ b/core/server/middleware/middleware.js
@@ -389,13 +389,16 @@ middleware = {
 
     authenticatePrivateSession: function (req, res, next) {
         var hash = req.session.token || '',
-            salt = req.session.salt || '';
+            salt = req.session.salt || '',
+            url;
 
         return verifySessionHash(salt, hash).then(function (isVerified) {
             if (isVerified) {
                 return next();
             } else {
-                return res.redirect(config.urlFor({relativeUrl: '/private/'}) + '?r=' + encodeURIComponent(req.url));
+                url = config.urlFor({relativeUrl: '/private/'});
+                url += req.url === '/' ? '' : '?r=' + encodeURIComponent(req.url);
+                return res.redirect(url);
             }
         });
     },