> It seems to me that there are two issues here. One is cleaning up the logic > to make it uniform, DRY and understandable. The other is deciding where to > put the next link (and doing proper validation of the URL). > > I understand (I think) the basic use case for @requires_login, I think. > > What's the use case for saving the return link in Auth()? > > Does it make sense to try to save a next link in cases like change-password? > Profile editing? > > I'm fine with reverting for now, but I really think that this logic is due > for a review and cleanup.
I agree with that. I think we may have to release 1.99.1 with the _next solution and then try improve it. > Maybe starting with a spec: what are we really trying to do? And how do these > dynamic _next links relate to the various next-URL links in auth.settings? I will try write more about this later today. Massimo
