From 0c66384bc3d8c0755ae9d1380b4f30efc381cc61 Mon Sep 17 00:00:00 2001
From: proggeler
Date: Tue, 19 May 2026 08:22:46 +0200
Subject: [PATCH] redirect after login
---
 src/Controllers/AuthenticationController.php | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/Controllers/AuthenticationController.php b/src/Controllers/AuthenticationController.php
index 7972ceb..5001c3d 100644
--- a/src/Controllers/AuthenticationController.php
+++ b/src/Controllers/AuthenticationController.php
@@ -38,7 +38,7 @@ public function login(ServerRequestInterface $request, ResponseInterface $respon
 $this->authenticationService->authenticate($data, true);
 return $response
- ->withHeader('Location', '/')
+ ->withHeader('Location', $this->redirectTo($request))
 ->withStatus(302);
 } catch (AuthenticationException) {
 $error = 'Login failed';
@@ -167,4 +167,21 @@ private function render(ResponseInterface $response, string $template, array $co
 return $response;
 }
+
+ private function redirectTo(ServerRequestInterface $request): string
+ {
+ $redirect = $request->getQueryParams()['redirect'] ?? '/';
+
+ if (! $redirect || str_starts_with($redirect, '//') || str_ends_with(rtrim($redirect, '/'), '/login')) {
+ return '/';
+ }
+
+ $rootUrl = $request->getUri()->getScheme() . '://' . $request->getUri()->getHost();
+
+ if (str_starts_with($redirect, $request->getUri()->getScheme())) {
+ return str_starts_with($redirect, $rootUrl) ? $redirect : '/';
+ }
+
+ return '/' . trim((string)$redirect, '/');
+ }
 }
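Review bot: The same-site test in `redirectTo()` is a string prefix comparison (`str_starts_with($redirect, $rootUrl)`), so it accepts any absolute URL whose text merely begins with the scheme and host, such as a longer host name with the same leading characters or a URL that carries the site name in its userinfo part. That value is then returned unchanged into the `Location` header. The first guard also calls `str_starts_with()` before confirming the query parameter is a string, so an array value (`redirect[]=`) raises a TypeError instead of falling back to `/`. The relative branch strips only `/`, which leaves backslashes and control characters that browsers normalise when resolving a redirect target. I would parse the value, compare scheme and host exactly, and always return a rebuilt same-site path with a short docblock stating that contract; the function lies entirely inside this hunk.

```php
private function redirectTo(ServerRequestInterface $request): string
{
    $redirect = $request->getQueryParams()['redirect'] ?? '/';

    // Query parameters may arrive as arrays; backslashes, whitespace and control
    // characters are normalised by browsers, so they must not reach the header.
    if (! is_string($redirect) || $redirect === '' || preg_match('/[\x00-\x20\x7F\\\\]/', $redirect) === 1) {
        return '/';
    }

    $parts = parse_url($redirect);
    if ($parts === false) {
        return '/';
    }

    if (isset($parts['scheme']) || isset($parts['host'])) {
        $uri = $request->getUri();
        // Compare parsed components exactly instead of matching a string prefix.
        if (($parts['scheme'] ?? '') !== $uri->getScheme()
            || strcasecmp($parts['host'] ?? '', $uri->getHost()) !== 0
        ) {
            return '/';
        }
    }

    // Always answer with a path on this site, never the caller-supplied absolute URL.
    $path = '/' . ltrim($parts['path'] ?? '', '/');
    if (str_ends_with(rtrim($path, '/'), '/login')) {
        return '/';
    }

    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}
```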