From 0e48edf86edcc3ad3d438ae843849e7338d42ec2 Mon Sep 17 00:00:00 2001
From: Maxime Dor <max@kamax.io>
Date: Fri, 6 Oct 2017 14:10:08 +0200
Subject: [PATCH] Properly handle session next url

---
 .../controller/identity/v1/SessionController.java      | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/main/java/io/kamax/mxisd/controller/identity/v1/SessionController.java b/src/main/java/io/kamax/mxisd/controller/identity/v1/SessionController.java
index 9a4f9b4..a2b149c 100644
--- a/src/main/java/io/kamax/mxisd/controller/identity/v1/SessionController.java
+++ b/src/main/java/io/kamax/mxisd/controller/identity/v1/SessionController.java
@@ -35,6 +35,8 @@ import org.springframework.web.bind.annotation.RequestParam;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.net.MalformedURLException;
+import java.net.URL;
 
 import static org.springframework.web.bind.annotation.RequestMethod.GET;
 
@@ -67,7 +69,13 @@ class SessionController {
         ValidationResult r = mgr.validate(sid, secret, token);
         log.info("Session {} was validated", sid);
         if (r.getNextUrl().isPresent()) {
-            String url = srvCfg.getPublicUrl() + r.getNextUrl().get();
+            String url = r.getNextUrl().get();
+            try {
+                url = new URL(url).toString();
+            } catch (MalformedURLException e) {
+                log.info("Session next URL {} is not a valid one, will prepend public URL {}", url, srvCfg.getPublicUrl());
+                url = srvCfg.getPublicUrl() + r.getNextUrl().get();
+            }
             log.info("Session {} validation: next URL is present, redirecting to {}", sid, url);
             return "redirect:" + url;
         } else {