feat(web): return-to-destination on auth redirect; logout pending state (#48)

web/src/auth/require-auth.test.tsx

@@ -1,16 +1,21 @@
 import { screen, waitFor } from "@testing-library/react";
 import { http, HttpResponse } from "msw";
 import { expect, test } from "vitest";
-import { Route, Routes } from "react-router-dom";
+import { Route, Routes, useLocation } from "react-router-dom";
 
 import { server } from "../test/server";
 import { renderApp } from "../test/render";
 import { RequireAuth } from "./require-auth";
 
+function LoginStub() {
+  const location = useLocation();
+  return <div>login page {location.search}</div>;
+}
+
 function tree() {
   return (
     <Routes>
-      <Route path="/login" element={<div>login page</div>} />
+      <Route path="/login" element={<LoginStub />} />
       <Route element={<RequireAuth />}>
         <Route path="/objects" element={<div>secret objects</div>} />
       </Route>
@@ -23,8 +28,8 @@ test("renders children when authenticated", async () => {
   expect(await screen.findByText("secret objects")).toBeInTheDocument();
 });
 
-test("redirects to /login when unauthenticated", async () => {
+test("redirects unauthenticated users to /login carrying the attempted path", async () => {
   server.use(http.get("/api/admin/me", () => new HttpResponse(null, { status: 401 })));
   renderApp(tree(), { route: "/objects" });
-  await waitFor(() => expect(screen.getByText("login page")).toBeInTheDocument());
+  await waitFor(() => expect(screen.getByText(/from=%2Fobjects/)).toBeInTheDocument());
 });