From 433c3415cadc4c302ddb9dd18d5eb93baf5b0a19 Mon Sep 17 00:00:00 2001
From: Florian Wessels
Date: Wed, 3 Nov 2021 20:24:41 +0100
Subject: [PATCH] [BUGFIX] Respect referrer query param when redirecting user

---
 Classes/Controller/LoginController.php | 3 ++-
 Classes/Middleware/CallbackMiddleware.php | 13 ++++++++-----
 Classes/Service/RedirectService.php | 12 +++++++++++-
 3 files changed, 21 insertions(+), 7 deletions(-)

diff --git a/Classes/Controller/LoginController.php b/Classes/Controller/LoginController.php
index 43bca88b..7f17b986 100644
--- a/Classes/Controller/LoginController.php
+++ b/Classes/Controller/LoginController.php
@@ -237,8 +237,9 @@ protected function getAuth0(): Auth0
 protected function getCallback(string $loginType = 'login'): string
 {
 $uri = $GLOBALS['TYPO3_REQUEST']->getUri();
+ $rawReferrer = $GLOBALS['TYPO3_REQUEST']->getQueryParams()['referrer'];
+ $referrer = !empty($rawReferrer) ? $rawReferrer : sprintf('%s://%s%s', $uri->getScheme(), $uri->getHost(), $uri->getPath());

- $referrer = $GLOBALS['TYPO3_REQUEST']->getQueryParams()['referrer'] ?? sprintf('%s://%s%s', $uri->getScheme(), $uri->getHost(), $uri->getPath());
 if ($this->settings['referrerAnchor']) {
 $referrer .= '#' . $this->settings['referrerAnchor'];
 }
diff --git a/Classes/Middleware/CallbackMiddleware.php b/Classes/Middleware/CallbackMiddleware.php
index f3c84d66..be5a14cc 100644
--- a/Classes/Middleware/CallbackMiddleware.php
+++ b/Classes/Middleware/CallbackMiddleware.php
@@ -105,6 +105,8 @@ protected function handleFrontendCallback(ServerRequestInterface $request, Token
 return $this->enrichReferrerByErrorCode($errorCode, $token);
 }

+ $referrer = $token->getClaim('referrer');
+
 if ($this->isUserLoggedIn($request)) {
 $loginType = GeneralUtility::_GET('logintype');
 $application = $token->getClaim('application');
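Review bot: In getCallback() (LoginController.php) the new `$rawReferrer` line indexes `getQueryParams()['referrer']` directly, so a request without that parameter now raises an undefined-key notice that the removed `??` form avoided; `$rawReferrer = $GLOBALS['TYPO3_REQUEST']->getQueryParams()['referrer'] ?? '';` keeps the empty-value fallback this commit is after. The value is request-controlled and query parameters can hold nested arrays, which `!empty()` accepts and the `.=` anchor append below would then mishandle, so an `is_string($rawReferrer)` guard belongs in the same condition. Since this value ends up as a redirect target, a short comment marking it as untrusted until validated would help; how it is carried into the callback lies outside this hunk.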
@@ -116,18 +118,18 @@ protected function handleFrontendCallback(ServerRequestInterface $request, Token

 if ((bool)$token->getClaim('redirectDisable') === false) {
 $allowedMethods = ['groupLogin', 'userLogin', 'login', 'getpost', 'referrer'];
- $this->performRedirectFromPluginConfiguration($token, $allowedMethods);
+ $this->performRedirectFromPluginConfiguration($token, $allowedMethods, $referrer);
 } else {
- return new RedirectResponse($token->getClaim('referrer'));
+ return new RedirectResponse($referrer);
 }
 } elseif ($loginType === 'logout') {
 // User was logged out prior to this method. That's why there is no valid TYPO3 frontend user anymore.
- $this->performRedirectFromPluginConfiguration($token, ['logout', 'referrer']);
+ $this->performRedirectFromPluginConfiguration($token, ['logout', 'referrer'], $referrer);
 }
 }

 // Redirect back to logout page if no redirect was executed before
- return new RedirectResponse($token->getClaim('referrer'));
+ return new RedirectResponse($referrer);
 }

 /**
@@ -182,7 +184,7 @@ protected function updateTypo3User(int $application, array $user): void
 $updateUtility->updateGroups();
 }

- protected function performRedirectFromPluginConfiguration(Token $token, array $allowedMethods): void
+ protected function performRedirectFromPluginConfiguration(Token $token, array $allowedMethods, ?string $referrer = null): void
 {
 $redirectService = new RedirectService([
 'redirectDisable' => false,
@@ -193,6 +195,7 @@ protected function performRedirectFromPluginConfiguration(Token $token, array $a
 'redirectPageLogout' => $token->getClaim('redirectPageLogout')
 ]);

+ $redirectService->setReferrer($referrer);
 $redirectService->handleRedirect($allowedMethods);
 }
 }
diff --git a/Classes/Service/RedirectService.php b/Classes/Service/RedirectService.php
index d71564ae..81a6d005 100644
--- a/Classes/Service/RedirectService.php
+++ b/Classes/Service/RedirectService.php
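Review bot: Both `return new RedirectResponse($referrer);` statements in handleFrontendCallback() send the browser to the `referrer` claim without any validation, whereas the plugin-configuration path passes the same value through `validateRedirectUrl()` in RedirectService. Because LoginController now prefers the `referrer` query parameter, this looks like an open-redirect path whenever `redirectDisable` is set or no configured redirect fires; how the claim is populated is not visible here, so that should be confirmed. Validating once at the assignment in the preceding hunk would cover every use, for example `$referrer = GeneralUtility::sanitizeLocalUrl((string)$token->getClaim('referrer')) ?: '/';`. The function begins outside this hunk.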
@@ -40,6 +40,11 @@ class RedirectService implements LoggerAwareInterface
 */
 protected $settings = [];

+ /**
+ * @param string|null
+ */
+ protected $referrer;
+
 public function __construct(array $redirectSettings)
 {
 $this->settings = $redirectSettings;
@@ -49,6 +54,11 @@ public function __construct(array $redirectSettings)
 }
 }

+ public function setReferrer(?string $referrer)
+ {
+ $this->referrer = $referrer;
+ }
+
 public function handleRedirect(array $allowedMethods, array $additionalParameters = []): void
 {
 if ((bool)$this->settings['redirectDisable'] === false && !empty($this->settings['redirectMode'])) {
@@ -166,7 +176,7 @@ public function getRedirectUri(array $allowedRedirects): array
 break;

 case 'referrer':
- $redirect_url[] = $this->validateRedirectUrl(GeneralUtility::_GP('referrer'));
+ $redirect_url[] = $this->validateRedirectUrl($this->referrer ?? GeneralUtility::_GP('referrer'));
 break;

 case 'loginError':
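Review bot: The docblock added above `protected $referrer;` uses `@param string|null`, which is the tag for a function parameter and is ignored for a property; it should be `@var string|null`. A one-line description such as `Referrer supplied by the caller; null means the request parameter is used instead` would also record the fallback that getRedirectUri() implements.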
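Review bot: `setReferrer()` is declared without a return type although the neighbouring `handleRedirect()` declares `: void`; `public function setReferrer(?string $referrer): void` keeps the class consistent. The setter stores the value as given and validation only happens when getRedirectUri() reads it, so a short docblock saying the stored referrer is untrusted until it has passed `validateRedirectUrl()` would make that boundary explicit for later callers.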
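Review bot: In the `case 'referrer':` branch, `$this->referrer ?? GeneralUtility::_GP('referrer')` falls back to the request parameter only when the stored value is null, so an empty-string referrer suppresses the fallback, unlike the `!empty()` test this commit introduces in LoginController. If an empty value is meant to count as "not set", `$this->referrer ?: GeneralUtility::_GP('referrer')` matches that behaviour. Keeping both sources inside `validateRedirectUrl()` is the right shape, and a comment stating that neither may be used as a redirect target without it would protect against a later refactor. getRedirectUri() starts and ends outside this hunk.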