From 7e94d05d39a525f178f8e43e82f25279328e2538 Mon Sep 17 00:00:00 2001
From: Misi
Date: Fri, 27 Sep 2024 14:57:46 +0200
Subject: [PATCH] Auth: Fix token rotation redirect when session storage redirect is enabled (#93906)

Fix token rotation redirect when session storage redirect is enabled
---
 pkg/api/user_token.go | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/pkg/api/user_token.go b/pkg/api/user_token.go
index 7aedc5f0d5e..12894a1a103 100644
--- a/pkg/api/user_token.go
+++ b/pkg/api/user_token.go
@@ -88,7 +88,11 @@ func (hs *HTTPServer) RotateUserAuthTokenRedirect(c *contextmodel.ReqContext) re
 return response.Redirect(hs.GetRedirectURL(c))
 }
 
- return response.Redirect(hs.Cfg.AppSubURL + "/")
+ redirectTo := c.Query("redirectTo")
+ if err := hs.ValidateRedirectTo(redirectTo); err != nil {
+ return response.Redirect(hs.Cfg.AppSubURL + "/")
+ }
+ return response.Redirect(hs.Cfg.AppSubURL + redirectTo)
 }
 
 // swagger:route POST /user/auth-tokens/rotate
@@ -133,7 +137,6 @@ func (hs *HTTPServer) rotateToken(c *contextmodel.ReqContext) error {
 IP: ip,
 UserAgent: c.Req.UserAgent(),
 })
-
 if err != nil {
 return err
 }
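Review bot: In RotateUserAuthTokenRedirect the `redirectTo` query parameter is request-controlled, and the string that `hs.ValidateRedirectTo` checks is not the string that ends up in the redirect, because `hs.Cfg.AppSubURL` is prepended afterwards. ValidateRedirectTo is defined outside this hunk, so it is worth confirming that it rejects absolute and scheme-relative targets and that it expects a path without the sub-URL prefix; if it expects the prefix to be present already, a non-empty AppSubURL would be doubled here. A comment above the lookup would record the contract, for example `// redirectTo is request-controlled; only a path accepted by ValidateRedirectTo is appended to AppSubURL`. The diffstat shows no test file, so a table test over accepted and rejected values with an empty and a non-empty AppSubURL would pin the behaviour. The function begins above the hunk.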