FIX: redirects back to origin for SSO and omniauth login

app/controllers/session_controller.rb

@@ -11,15 +11,17 @@ def csrf
   end
 
   def sso
-    return_path = if params[:return_path]
-      params[:return_path]
-    elsif session[:destination_url]
-      uri = URI::parse(session[:destination_url])
-      "#{uri.path}#{uri.query ? "?" << uri.query : ""}"
-    else
-      path('/')
+    destination_url = cookies[:destination_url] || session[:destination_url]
+    return_path = params[:return_path] || path('/')
+
+    if destination_url && return_path == path('/')
+      uri = URI::parse(destination_url)
+      return_path = "#{uri.path}#{uri.query ? "?" << uri.query : ""}"
     end
 
+    session.delete(:destination_url)
+    cookies.delete(:destination_url)
+
     if SiteSetting.enable_sso?
       sso = DiscourseSingleSignOn.generate_sso(return_path)
       if SiteSetting.verbose_sso_logging

app/controllers/user_api_keys_controller.rb

@@ -20,7 +20,12 @@ def new
 
     unless current_user
       cookies[:destination_url] = request.fullpath
-      redirect_to path('/login')
+
+      if SiteSetting.enable_sso?
+        redirect_to path('/session/sso')
+      else
+        redirect_to path('/login')
+      end
       return
     end
 

app/controllers/users/omniauth_callbacks_controller.rb

@@ -39,10 +39,15 @@ def complete
     @auth_result = authenticator.after_authenticate(auth)
 
     origin = request.env['omniauth.origin']
+    if cookies[:destination_url].present?
+      origin = cookies[:destination_url]
+      cookies.delete(:destination_url)
+    end
+
     if origin.present?
-      parsed = URI.parse(@origin) rescue nil
+      parsed = URI.parse(origin) rescue nil
       if parsed
-        @origin = parsed.path
+        @origin = "#{parsed.path}?#{parsed.query}"
       end
     end