FIX: redirects back to origin for SSO and omniauth login

2025-05-28 13:51:18 +08:00 · 2016-09-16 13:48:50 +10:00
parent 2f8c14fef1
commit e6fcaadd45
3 changed files with 22 additions and 10 deletions
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@ -11,15 +11,17 @@ class SessionController < ApplicationController
  end

  def sso
-    return_path = if params[:return_path]
-      params[:return_path]
-    elsif session[:destination_url]
-      uri = URI::parse(session[:destination_url])
-      "#{uri.path}#{uri.query ? "?" << uri.query : ""}"
-    else
-      path('/')
+    destination_url = cookies[:destination_url] || session[:destination_url]
+    return_path = params[:return_path] || path('/')
+
+    if destination_url && return_path == path('/')
+      uri = URI::parse(destination_url)
+      return_path = "#{uri.path}#{uri.query ? "?" << uri.query : ""}"
    end

+    session.delete(:destination_url)
+    cookies.delete(:destination_url)
+
    if SiteSetting.enable_sso?
      sso = DiscourseSingleSignOn.generate_sso(return_path)
      if SiteSetting.verbose_sso_logging