From 08331c63fbc0d69d2203f14165b15e1a596788b0 Mon Sep 17 00:00:00 2001
From: Michael Auerswald
Date: Thu, 20 Jul 2023 17:23:29 +0200
Subject: [PATCH] fix(core): Redirect user to previous url after SSO signin (#6710) redirect user to previous url after SSO signin
---
 .../src/sso/saml/routes/saml.controller.ee.ts | 22 +++++++++++++++++--
 packages/cli/src/sso/saml/saml.service.ee.ts | 4 ----
 2 files changed, 20 insertions(+), 6 deletions(-)
diff --git a/packages/cli/src/sso/saml/routes/saml.controller.ee.ts b/packages/cli/src/sso/saml/routes/saml.controller.ee.ts
index f7229f75d..67d441a37 100644
--- a/packages/cli/src/sso/saml/routes/saml.controller.ee.ts
+++ b/packages/cli/src/sso/saml/routes/saml.controller.ee.ts
@@ -25,6 +25,8 @@ import {
 import { getSamlConnectionTestSuccessView } from '../views/samlConnectionTestSuccess';
 import { getSamlConnectionTestFailedView } from '../views/samlConnectionTestFailed';
 import { InternalHooks } from '@/InternalHooks';
+import url from 'url';
+import querystring from 'querystring';
 @Service()
 @RestController('/sso/saml')
@@ -138,7 +140,8 @@ export class SamlController {
 if (loginResult.onboardingRequired) {
 return res.redirect(getInstanceBaseUrl() + SamlUrls.samlOnboarding);
 } else {
- return res.redirect(getInstanceBaseUrl() + SamlUrls.defaultRedirect);
+ const redirectUrl = req.body?.RelayState ?? SamlUrls.defaultRedirect;
+ return res.redirect(getInstanceBaseUrl() + redirectUrl);
 }
 } else {
 return res.status(202).send(loginResult.attributes);
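Review bot: In the `-138,7 +140,8` hunk, `req.body?.RelayState` is read from the POSTed form and appended to `getInstanceBaseUrl()` with no check, so the post-login redirect target is chosen by whoever submitted the request; RelayState is a separate form field and is generally not covered by the assertion signature. If the base URL has no trailing slash (not visible here), a value that does not begin with a single `/` changes the host the browser resolves, which makes this an open redirect at the end of the login flow. Accept only a same-origin path and fall back otherwise: `const relay = req.body?.RelayState;` followed by `const redirectUrl = typeof relay === 'string' && /^\/(?![/\\])/.test(relay) ? relay : SamlUrls.defaultRedirect;`. The same check belongs on the `redirect` value collected in `initSsoGet`, and `saml.service.ee.ts` still defaults `relayState` to the full `getInstanceBaseUrl()`, which this concatenation would turn into a doubled URL. The handler body starts and ends outside the hunk.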
@@ -169,7 +172,22 @@ export class SamlController {
 @NoAuthRequired()
 @Get(SamlUrls.initSSO, { middlewares: [samlLicensedAndEnabledMiddleware] })
 async initSsoGet(req: express.Request, res: express.Response) {
- return this.handleInitSSO(res);
+ let redirectUrl = '';
+ try {
+ const refererUrl = req.headers.referer;
+ if (refererUrl) {
+ const parsedUrl = url.parse(refererUrl);
+ if (parsedUrl?.query) {
+ const parsedQueryParams = querystring.parse(parsedUrl.query);
+ if (parsedQueryParams.redirect && typeof parsedQueryParams.redirect === 'string') {
+ redirectUrl = querystring.unescape(parsedQueryParams.redirect);
+ }
+ }
+ }
+ } catch {
+ // ignore
+ }
+ return this.handleInitSSO(res, redirectUrl);
 }
 /**
diff --git a/packages/cli/src/sso/saml/saml.service.ee.ts b/packages/cli/src/sso/saml/saml.service.ee.ts
index 8e9eaad2c..5e1c2847a 100644
--- a/packages/cli/src/sso/saml/saml.service.ee.ts
+++ b/packages/cli/src/sso/saml/saml.service.ee.ts
@@ -140,8 +140,6 @@ export class SamlService {
 const sp = this.getServiceProviderInstance();
 sp.entitySetting.relayState = relayState ?? getInstanceBaseUrl();
 const loginRequest = sp.createLoginRequest(this.getIdentityProviderInstance(), 'redirect');
- //TODO:SAML: debug logging
- LoggerProxy.debug(loginRequest.context);
 return loginRequest;
 }
@@ -152,8 +150,6 @@ export class SamlService {
 this.getIdentityProviderInstance(),
 'post',
 ) as PostBindingContext;
- //TODO:SAML: debug logging
- LoggerProxy.debug(loginRequest.context);
 return loginRequest;
 }
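Review bot: In `initSsoGet` (the `-169,7 +172,22` hunk of `saml.controller.ee.ts`), `querystring.parse` already percent-decodes its values, so `querystring.unescape(parsedQueryParams.redirect)` decodes the `redirect` parameter a second time. A doubly-encoded value therefore becomes characters that a check on the single-decoded form would never see. Use the parsed value as is: `redirectUrl = parsedQueryParams.redirect;`. The Referer header is client-supplied, so the result is still untrusted when it reaches `handleInitSSO`, which is not shown in this hunk. `url.parse` and `querystring` are legacy Node APIs; `new URL(refererUrl).searchParams.get('redirect')` yields the same single-decoded value without the two new imports.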