Merge pull request #3519 from fullfatthings/fix_sso_redirect_when_login_required

Respect cookie[:destination_url] in Single Sign On

app/controllers/application_controller.rb

@@ -413,17 +413,22 @@ class ApplicationController < ActionController::Base
       raise Discourse::InvalidAccess.new unless current_user && current_user.staff?
     end
 
+    def destination_url
+      request.original_url unless request.original_url =~ /uploads/
+    end
+
     def redirect_to_login_if_required
       return if current_user || (request.format.json? && api_key_valid?)
 
-      # save original URL in a cookie
-      cookies[:destination_url] = request.original_url unless request.original_url =~ /uploads/
-
       # redirect user to the SSO page if we need to log in AND SSO is enabled
       if SiteSetting.login_required?
         if SiteSetting.enable_sso?
+          # save original URL in a session so we can redirect after login
+          session[:destination_url] = destination_url
           redirect_to path('/session/sso')
         else
+          # save original URL in a cookie (javascript redirects after login in this case)
+          cookies[:destination_url] = destination_url
           redirect_to :login
         end
       end

app/controllers/session_controller.rb

@@ -11,8 +11,16 @@ class SessionController < ApplicationController
   end
 
   def sso
-    if SiteSetting.enable_sso
-      redirect_to DiscourseSingleSignOn.generate_url(params[:return_path] || path('/'))
+    return_path = if params[:return_path]
+      params[:return_path]
+    elsif session[:destination_url]
+      URI::parse(session[:destination_url]).path
+    else
+      path('/')
+    end
+
+    if SiteSetting.enable_sso?
+      redirect_to DiscourseSingleSignOn.generate_url(return_path)
     else
       render nothing: true, status: 404
     end