From ecbcc0b6b688a93e39180d91ede8bc906e296686 Mon Sep 17 00:00:00 2001
From: Maxime Besson
Date: Wed, 22 Apr 2020 11:24:05 +0200
Subject: [PATCH] Fix #2081 by detecting external URL
---
 .../lib/Lemonldap/NG/Portal/Main/Display.pm | 2 +-
 lemonldap-ng-portal/t/62-SingleSession.t | 17 ++++++++++++++---
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
index bfe663ed3..9096665d2 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Main/Display.pm
@@ -142,7 +142,7 @@ sub display {
 CHOICE_VALUE => $req->data->{_authChoice},
 FORM_METHOD => $method,
 (
- $method ne 'get' ? ( SEND_PARAMS => 1 )
+ (not $req->{urldc}) ? ( SEND_PARAMS => 1 )
 : ()
 ),
 (
diff --git a/lemonldap-ng-portal/t/62-SingleSession.t b/lemonldap-ng-portal/t/62-SingleSession.t
index 53bce64d0..27c70e097 100644
--- a/lemonldap-ng-portal/t/62-SingleSession.t
+++ b/lemonldap-ng-portal/t/62-SingleSession.t
@@ -1,6 +1,7 @@ use Test::More; use strict; use IO::String; +use MIME::Base64; BEGIN { require 't/test-lib.pm';
@@ -37,19 +38,20 @@ my $client3 = LLNG::Manager::Test->new( { ); sub loginUser { - my ( $client, $user, $ip ) = @_; + my ( $client, $user, $ip, %args ) = @_; my $query = "user=$user&password=$user"; ok( my $res = $client->_post( '/', IO::String->new($query), length => length($query), + accept => 'text/html', ip => $ip, + %args ), 'Auth query' ); count(1); - expectOK($res); return $res; }
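Review bot: In the Display.pm hunk the new `SEND_PARAMS` condition is a plain truthiness test on `$req->{urldc}`, so it encodes "a redirect target is set" rather than "the target is external" as the subject line says, and it no longer consults `$method` at all. Whether `urldc` can hold a portal-local URL, or has already been validated as a trusted destination by the time `display` runs, is not visible here; a short comment would pin the intent, for example `# No SEND_PARAMS while a redirect to urldc is pending: portal parameters must not follow the user off-portal (#2081)`. The low-precedence `not` inside a ternary only parses as intended because of the added parentheses; `!$req->{urldc} ? ( SEND_PARAMS => 1 )` is the conventional form. The body of `display` starts and ends outside the hunk.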
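Review bot: In the `loginUser` hunk of 62-SingleSession.t, dropping `expectOK($res);` removes the status assertion for every caller of the helper, not only for the new external-URL case. Call sites outside this patch are not visible, so it is unclear whether they still check the response status; where a 200 is expected, the caller could restate it with `expectOK($res);` right after `loginUser(...)`. `%args` is spread last in the `_post` argument list, so a caller can also override `length`, `accept` and `ip`; a one-line comment such as `# %args: extra _post options (e.g. query => ...), these override the defaults above` would mark that as deliberate.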
@@ -85,14 +87,23 @@ sub testGetParam { # Test singleSession switch ($client1); +# Test login $res = loginUser( $client1, "dwho", "127.0.0.1" ); my $id1 = expectCookie($res); +testGetParam( $res, 0 ); $res = loginUser( $client1, "dwho", "127.0.0.1" ); my $id2 = expectCookie($res); +testGetParam( $res, 1 ); + +# Check that skin=bootstrap isn't appended when going to external URL (#2081) +$res = loginUser( $client1, "dwho", "127.0.0.1", + query => 'url=' . encode_base64( "http://test1.example.com/", '' ), ); +my $id3 = expectCookie($res); testGetParam( $res, 0 ); -expectOK( testReq( $client1, $id2, 'Attempt login with latest session' ) ); +expectOK( testReq( $client1, $id3, 'Attempt login with latest session' ) ); +expectReject( testReq( $client1, $id2, 'Attempt login with removed session' ) ); expectReject( testReq( $client1, $id1, 'Attempt login with removed session' ) ); clean_sessions();
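Review bot: The two `expectReject` checks at the end of this hunk carry the same description, `'Attempt login with removed session'`, so a failure report does not say whether `$id1` or `$id2` was wrongly accepted; distinct labels such as `'Attempt login with first removed session'` and `'Attempt login with second removed session'` would fix that. The new external-URL case asserts only `testGetParam( $res, 0 )`; `testGetParam` is defined outside the hunk, so it is not visible whether the response is also checked to actually target `http://test1.example.com/`, and without that the case might pass even if the `url` parameter were ignored.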