From 971076d46765aef95a375c6bf1d4a896bff02208 Mon Sep 17 00:00:00 2001
From: astanley <astanley@upei.ca>
Date: Tue, 22 Apr 2025 15:35:45 +0000
Subject: [PATCH] updated login

---
 src/EventSubscriber/RedirectSubscriber.php | 21 ++++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)

diff --git a/src/EventSubscriber/RedirectSubscriber.php b/src/EventSubscriber/RedirectSubscriber.php
index 5b2873d..dc9aa44 100644
--- a/src/EventSubscriber/RedirectSubscriber.php
+++ b/src/EventSubscriber/RedirectSubscriber.php
@@ -52,15 +52,30 @@ class RedirectSubscriber implements EventSubscriberInterface {
     $host = $request->getHost();
     $config = $this->configFactory->get('url_permission_redirect.settings');
     $protectedDomain = $config->get('protected_domain') ?? FALSE;
+    $uri = $request->getRequestUri();
 
-    if (protectedDomain && $this->currentUser->isAuthenticated() &&
-        $this->currentUser->hasPermission('access protected domain')) {
+    // Redirect logged-in users with permission.
+    if ($protectedDomain && $this->currentUser->isAuthenticated() &&
+      $this->currentUser->hasPermission('access protected domain')) {
       if ($host !== $protectedDomain) {
-        $uri = $request->getRequestUri();
         $redirect_url = 'https://' . $protectedDomain . $uri;
         $event->setResponse(new TrustedRedirectResponse($redirect_url, 302));
+        return;
       }
     }
+
+    // Redirect anonymous users trying to log in via the public domain.
+    if ($host !== $protectedDomain && $uri === '/user/login') {
+      $destination = $request->query->get('destination');
+      $redirect_url = 'https://' . $protectedDomain . '/user/login';
+
+      // Preserve destination if it exists.
+      if ($destination) {
+        $redirect_url .= '?destination=' . urlencode($destination);
+      }
+
+      $event->setResponse(new TrustedRedirectResponse($redirect_url, 302));
+    }
   }
 
   /**