From 9eb65dcd78df535f0b0e61cde8005623a6d91a61 Mon Sep 17 00:00:00 2001 From: Dan Brown Date: Tue, 31 Aug 2021 20:54:43 +0100 Subject: [PATCH] Updated the login redirect logic to ignore mfa routes --- app/Http/Controllers/Auth/LoginController.php | 36 +++++++++++++++---- .../Auth/MfaBackupCodesController.php | 1 - 2 files changed, 29 insertions(+), 8 deletions(-) diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php index 01cc77d84..7c8eb2c86 100644 --- a/app/Http/Controllers/Auth/LoginController.php +++ b/app/Http/Controllers/Auth/LoginController.php @@ -81,13 +81,7 @@ class LoginController extends Controller } // Store the previous location for redirect after login - $previous = url()->previous(''); - if ($previous && $previous !== url('/login') && setting('app-public')) { - $isPreviousFromInstance = (strpos($previous, url('/')) === 0); - if ($isPreviousFromInstance) { - redirect()->setIntendedUrl($previous); - } - } + $this->updateIntendedFromPrevious(); return view('auth.login', [ 'socialDrivers' => $socialDrivers, @@ -228,4 +222,32 @@ class LoginController extends Controller $this->username() => [trans('auth.failed')], ])->redirectTo('/login'); } + + /** + * Update the intended URL location from their previous URL. + * Ignores if not from the current app instance or if from certain + * login or authentication routes. + */ + protected function updateIntendedFromPrevious(): void + { + // Store the previous location for redirect after login + $previous = url()->previous(''); + $isPreviousFromInstance = (strpos($previous, url('/')) === 0); + if (!$previous || !setting('app-public') || !$isPreviousFromInstance) { + return; + } + + $ignorePrefixList = [ + '/login', + '/mfa', + ]; + + foreach ($ignorePrefixList as $ignorePrefix) { + if (strpos($previous, url($ignorePrefix)) === 0) { + return; + } + } + + redirect()->setIntendedUrl($previous); + } } 
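Review bot: The same-instance test in `updateIntendedFromPrevious()` is a bare string-prefix match, `strpos($previous, url('/')) === 0`, and `url('/')` normally comes back without a trailing slash, so a previous URL whose host merely begins with the app's host would still be treated as local and stored as the intended URL. Because `url()->previous()` can be derived from the request's Referer header, that value is not trustworthy, and this check is the only guard between it and the post-login redirect. Anchoring the comparison on the path separator closes the gap: `$base = rtrim(url('/'), '/');` followed by `$isPreviousFromInstance = ($previous === $base || strpos($previous, $base . '/') === 0);`. The ignore-prefix loop has the same shape (`url('/mfa')` also matches `/mfa-anything`), which looks harmless today but is worth tightening the same way. A test that passes a look-alike host as the previous URL and asserts the intended URL stays unset would pin the behaviour.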
diff --git a/app/Http/Controllers/Auth/MfaBackupCodesController.php b/app/Http/Controllers/Auth/MfaBackupCodesController.php index d92029bf1..c60dbca20 100644 --- a/app/Http/Controllers/Auth/MfaBackupCodesController.php +++ b/app/Http/Controllers/Auth/MfaBackupCodesController.php @@ -53,7 +53,6 @@ class MfaBackupCodesController extends Controller if (!auth()->check()) { $this->showSuccessNotification(trans('auth.mfa_setup_login_notification')); - return redirect('/login'); }