From ca7424665118e527eddbcb3c8bb764dd942585d7 Mon Sep 17 00:00:00 2001
From: Vinoth Kannan
Date: Fri, 5 Oct 2018 00:01:08 +0530
Subject: [PATCH] FIX: redirect users to SSO client URL after social login
---
 .../users/omniauth_callbacks_controller.rb | 4 +-
 .../omniauth_callbacks_controller_spec.rb | 46 +++++++++++++++++++
 2 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/app/controllers/users/omniauth_callbacks_controller.rb b/app/controllers/users/omniauth_callbacks_controller.rb
index fe056f1f0ae..ce6040816d7 100644
--- a/app/controllers/users/omniauth_callbacks_controller.rb
+++ b/app/controllers/users/omniauth_callbacks_controller.rb
@@ -33,7 +33,9 @@ class Users::OmniauthCallbacksController < ApplicationController
 origin = request.env['omniauth.origin']
- if cookies[:destination_url].present?
+ if SiteSetting.enable_sso_provider && payload = cookies.delete(:sso_payload)
+ origin = session_sso_provider_url + "?" + payload
+ elsif cookies[:destination_url].present?
 origin = cookies[:destination_url]
 cookies.delete(:destination_url)
 end
diff --git a/spec/requests/omniauth_callbacks_controller_spec.rb b/spec/requests/omniauth_callbacks_controller_spec.rb
index 6547c8a0f16..65bd1afa07f 100644
--- a/spec/requests/omniauth_callbacks_controller_spec.rb
+++ b/spec/requests/omniauth_callbacks_controller_spec.rb
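Review bot: In app/controllers/users/omniauth_callbacks_controller.rb the new branch reads `sso_payload` from a client-controlled cookie and appends it to `session_sso_provider_url` after only a truthiness check, so an empty cookie (truthy in Ruby) still overrides `destination_url`, and the value can carry extra query parameters or a fragment. The neighbouring branch uses `.present?`; reading the cookie first and guarding the same way keeps the two consistent and also clears a stale cookie when the provider is disabled: `payload = cookies.delete(:sso_payload)` followed by `if SiteSetting.enable_sso_provider && payload.present?`. Integrity of the payload then rests on the sso_provider endpoint verifying `sig`, which is not visible in this patch and is worth confirming and stating in a one-line comment above the branch. The enclosing action starts and ends outside the hunk, so any later normalisation of `origin` cannot be judged from here.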
@@ -251,6 +251,52 @@ RSpec.describe Users::OmniauthCallbacksController do
 end
 end
+ context 'when sso_payload cookie exist' do
+ before do
+ SiteSetting.enable_sso_provider = true
+ SiteSetting.sso_secret = "topsecret"
+
+ @sso = SingleSignOn.new
+ @sso.nonce = "mynonce"
+ @sso.sso_secret = SiteSetting.sso_secret
+ @sso.return_sso_url = "http://somewhere.over.rainbow/sso"
+ cookies[:sso_payload] = @sso.payload
+
+ GoogleUserInfo.create!(google_user_id: '12345', user: user)
+
+ OmniAuth.config.mock_auth[:google_oauth2] = OmniAuth::AuthHash.new(
+ provider: 'google_oauth2',
+ uid: '12345',
+ info: OmniAuth::AuthHash::InfoHash.new(
+ email: 'someother_email@test.com',
+ name: 'Some name'
+ ),
+ extra: {
+ raw_info: OmniAuth::AuthHash.new(
+ email_verified: true,
+ email: 'someother_email@test.com',
+ family_name: 'Huh',
+ given_name: user.name,
+ gender: 'male',
+ name: "#{user.name} Huh",
+ )
+ },
+ )
+
+ Rails.application.env_config["omniauth.auth"] = OmniAuth.config.mock_auth[:google_oauth2]
+ end
+
+ it 'should return the right response' do
+ get "/auth/google_oauth2/callback.json"
+
+ expect(response.status).to eq(200)
+
+ response_body = JSON.parse(response.body)
+
+ expect(response_body["destination_url"]).to match(/\/session\/sso_provider\?sso\=.*\&sig\=.*/)
+ end
+ end
+
 context 'when user has not verified his email' do
 before do
 GoogleUserInfo.create!(google_user_id: '12345', user: user)
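Review bot: The only assertion in this context, `match(/\/session\/sso_provider\?sso\=.*\&sig\=.*/)`, checks the shape of `destination_url` but not that it carries the payload the cookie held, and no example covers `enable_sso_provider` being off while an `sso_payload` cookie is present. Keeping the payload in a local (`payload = @sso.payload`) and asserting `expect(response_body["destination_url"]).to end_with("?" + payload)` would pin the value, assuming the response returns the query string unmodified. A second example with `SiteSetting.enable_sso_provider = false` that expects `destination_url` not to contain `sso_provider` would guard the setting check. A comment above the `before` block saying that the cookie stands in for the one set by the SSO provider login flow would help the next reader.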