bug: keep query params present in auth_redirect (#7923)

https://meta.discourse.org/t/user-api-keys-payload-and-existing-query-string-leads-to-a-double-question-mark/123617
2025-02-25 18:55:32 -06:00 · 2019-07-23 21:46:03 +05:30
parent abe6202af9
commit 9e0a3b8229
2 changed files with 23 additions and 3 deletions
--- a/app/controllers/user_api_keys_controller.rb
+++ b/app/controllers/user_api_keys_controller.rb
@@ -93,9 +93,12 @@ class UserApiKeysController < ApplicationController
    end

    if params[:auth_redirect]
-      redirect_path = +"#{params[:auth_redirect]}?payload=#{CGI.escape(@payload)}"
-      redirect_path << "&oneTimePassword=#{CGI.escape(otp_payload)}" if scopes.include?("one_time_password")
-      redirect_to(redirect_path)
+      uri = URI.parse(params[:auth_redirect])
+      query_attributes = [uri.query, "payload=#{CGI.escape(@payload)}"]
+      query_attributes << "oneTimePassword=#{CGI.escape(otp_payload)}" if scopes.include?("one_time_password")
+      uri.query = query_attributes.compact.join('&')
+
+      redirect_to(uri.to_s)
    else
      respond_to do |format|
        format.html { render :show }