From f67d273bbdca6a77fc2ee66e936a6b90869b3a66 Mon Sep 17 00:00:00 2001
From: Thomas Gelf <thomas@gelf.net>
Date: Tue, 19 Aug 2014 10:14:46 +0200
Subject: [PATCH] AuthenticationController: handle redirect parameter

This is a form field instead of a get parameter right now.

fixes #6584
---
 .../controllers/AuthenticationController.php  | 29 ++++++++++++++-----
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/application/controllers/AuthenticationController.php b/application/controllers/AuthenticationController.php
index 7d4864d5a..a6a5345ed 100644
--- a/application/controllers/AuthenticationController.php
+++ b/application/controllers/AuthenticationController.php
@@ -35,12 +35,17 @@ class AuthenticationController extends ActionController
     public function loginAction()
     {
         $auth = $this->Auth();
-        $this->view->form = new LoginForm();
-        $this->view->form->setRequest($this->_request);
+        $this->view->form = $form = new LoginForm();
+        $form->setRequest($this->_request);
         $this->view->title = $this->translate('Icingaweb Login');
 
         try {
-            $redirectUrl = Url::fromPath($this->params->get('redirect', 'dashboard'));
+            $redirectUrl = $this->view->form->getValue('redirect');
+            if ($redirectUrl) {
+                $redirectUrl = Url::fromPath($redirectUrl);
+            } else {
+                $redirectUrl = Url::fromPath('dashboard');
+            }
 
             if ($auth->isAuthenticated()) {
                 $this->rerenderLayout()->redirectNow($redirectUrl);
@@ -72,12 +77,20 @@ class AuthenticationController extends ActionController
                         }
                     }
                 }
-            } elseif ($this->view->form->isSubmittedAndValid()) {
-                $user = new User($this->view->form->getValue('username'));
-                $password = $this->view->form->getValue('password');
+            } elseif ($form->isSubmittedAndValid()) {
+                $user = new User($form->getValue('username'));
+                $password = $form->getValue('password');
                 $backendsTried = 0;
                 $backendsWithError = 0;
 
+                $redirectUrl = $form->getValue('redirect');
+
+                if ($redirectUrl) {
+                    $redirectUrl = Url::fromPath($redirectUrl);
+                } else {
+                    $redirectUrl = Url::fromPath('dashboard');
+                }
+
                 foreach ($chain as $backend) {
                     if ($backend instanceof AutoLoginBackend) {
                         continue;
@@ -112,14 +125,14 @@ class AuthenticationController extends ActionController
                     );
                 }
                 if ($backendsWithError) {
-                    $this->view->form->addNote(
+                    $form->addNote(
                         $this->translate(
                             'Note that not all authentication backends are available for authentication because they'
                             . ' have errors. Please check the system log or Icinga Web 2 log for more information'
                         )
                     );
                 }
-                $this->view->form->getElement('password')->addError($this->translate('Incorrect username or password'));
+                $form->getElement('password')->addError($this->translate('Incorrect username or password'));
             }
         } catch (Exception $e) {
             $this->view->errorInfo = $e->getMessage();