From fbe9215b17194d974c50dd43dc0dbf3b4dba890b Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Thu, 4 Mar 2021 10:16:16 -0500
Subject: [PATCH] fix: #9348 incorrect redirect via connect-ensure-login
---
 src/controllers/index.js | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/controllers/index.js b/src/controllers/index.js
index e965ff0606..89d3ccb980 100644
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -97,7 +97,6 @@ Controllers.login = async function (req, res) {
 const loginStrategies = require('../routes/authentication').getLoginStrategies();
 const registrationType = meta.config.registrationType || 'normal';
 const allowLoginWith = (meta.config.allowLoginWith || 'username-email');
- const returnTo = (req.headers['x-return-to'] || '').replace(nconf.get('base_url') + nconf.get('relative_path'), '');
 let errorText;
 if (req.query.error === 'csrf-invalid') {
@@ -106,10 +105,13 @@ Controllers.login = async function (req, res) {
 errorText = validator.escape(String(req.query.error));
 }
- if (returnTo) {
- req.session.returnTo = returnTo;
+ if (req.headers['x-return-to']) {
+ req.session.returnTo = req.headers['x-return-to'];
 }
+ // Occasionally, x-return-to is passed a full url. Also, connect-ensure-login passes the relative path. Strip both.
+ req.session.returnTo = req.session.returnTo.replace(nconf.get('base_url'), '').replace(nconf.get('relative_path'), '');
+
 data.alternate_logins = loginStrategies.length > 0;
 data.authentication = loginStrategies;
 data.allowRegistration = registrationType === 'normal';
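Review bot: The unconditional `req.session.returnTo.replace(...)` added after the `if` in the second hunk throws a TypeError whenever the session holds no `returnTo` (no `x-return-to` header and nothing stored earlier), so an ordinary login-page request can fail; wrap the assignment in `if (typeof req.session.returnTo === 'string') {`. Separately, `x-return-to` is a client-supplied header that appears to end up as the post-login redirect target, and the two non-anchored `String.replace` calls remove only the first occurrence of `base_url` and `relative_path` wherever it sits in the string, so they neither guarantee a same-site relative path nor avoid mangling a path that merely contains the `relative_path` text. Consider stripping only a leading prefix (`startsWith` plus `slice`) and discarding any result that is not a single-slash-rooted path. The code that consumes `req.session.returnTo` is outside this hunk, so confirm whether it validates the target; the body of `Controllers.login` also starts and ends outside the hunk.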