From 7056db26e6862c08d765b1208c8a85e8866c7624 Mon Sep 17 00:00:00 2001
From: Dan Singerman <dansingerman@gmail.com>
Date: Tue, 2 Jun 2015 12:29:27 +0100
Subject: [PATCH] Respect cookie[:destination_url] in Single Sign On

When the login_required setting is true, the destination URL is dropped. This change means it will be
respected at login time
---
 app/controllers/session_controller.rb | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 6b2a8baa1fe..6f5a4b98efe 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -11,8 +11,16 @@ class SessionController < ApplicationController
   end
 
   def sso
+    if params[:return_path]
+      return_path = params[:return_path]
+    elsif cookies[:destination_url]
+      return_path = URI::parse(cookies[:destination_url]).path
+    else
+      return_path = path('/')
+    end
+
     if SiteSetting.enable_sso
-      redirect_to DiscourseSingleSignOn.generate_url(params[:return_path] || path('/'))
+      redirect_to DiscourseSingleSignOn.generate_url(return_path)
     else
       render nothing: true, status: 404
     end