From 2522a9c4d8dc9d27ff6e6c8b347a5f039548195f Mon Sep 17 00:00:00 2001
From: Benni Mack <benni@typo3.org>
Date: Wed, 15 Mar 2023 23:32:54 +0100
Subject: [PATCH] [BUGFIX] Allow to modify redirectUrl via PSR-14 event in
 EXT:felogin

The "BeforeRedirectEvent" in EXT:felogin did not
allow to modify the actual redirectUrl,
which is now modified, as the Event was not
as powerful.

Resolves: #96813
Releases: main, 11.5
Change-Id: I5716c9a3f8d58cd019dca5e3e9d47a242c9ec45e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78135
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Tested-by: core-ci <typo3@b13.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Oliver Bartsch <bo@cedev.de>
Tested-by: Oliver Bartsch <bo@cedev.de>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
---
 .../Classes/Controller/LoginController.php    |  7 +++++--
 .../Classes/Event/BeforeRedirectEvent.php     | 19 +++++++++++++++++--
 2 files changed, 22 insertions(+), 4 deletions(-)

diff --git a/typo3/sysext/felogin/Classes/Controller/LoginController.php b/typo3/sysext/felogin/Classes/Controller/LoginController.php
index 47dfba47c642..a216e3347bfb 100644
--- a/typo3/sysext/felogin/Classes/Controller/LoginController.php
+++ b/typo3/sysext/felogin/Classes/Controller/LoginController.php
@@ -193,8 +193,11 @@ class LoginController extends AbstractLoginFormController
     protected function handleRedirect(): ?ResponseInterface
     {
         if ($this->redirectUrl !== '') {
-            $this->eventDispatcher->dispatch(new BeforeRedirectEvent($this->loginType, $this->redirectUrl));
-            return $this->redirectToUri($this->redirectUrl);
+            $event = new BeforeRedirectEvent($this->loginType, $this->redirectUrl, $this->request);
+            $this->eventDispatcher->dispatch($event);
+            if ($event->getRedirectUrl() !== '') {
+                return $this->redirectToUri($event->getRedirectUrl());
+            }
         }
         return null;
     }
diff --git a/typo3/sysext/felogin/Classes/Event/BeforeRedirectEvent.php b/typo3/sysext/felogin/Classes/Event/BeforeRedirectEvent.php
index 211e49cd7710..a8dffb715bcd 100644
--- a/typo3/sysext/felogin/Classes/Event/BeforeRedirectEvent.php
+++ b/typo3/sysext/felogin/Classes/Event/BeforeRedirectEvent.php
@@ -17,14 +17,19 @@ declare(strict_types=1);
 
 namespace TYPO3\CMS\FrontendLogin\Event;
 
+use Psr\Http\Message\ServerRequestInterface;
+
 /**
- * Notification before a redirect is made.
+ * Notification before a redirect is made, which also allows to modify
+ * the actual redirect URL. Setting the redirect to an empty string
+ * will avoid triggering a redirect.
  */
 final class BeforeRedirectEvent
 {
     public function __construct(
         private readonly string $loginType,
-        private readonly string $redirectUrl
+        private string $redirectUrl,
+        private readonly ServerRequestInterface $request,
     ) {
     }
 
@@ -37,4 +42,14 @@ final class BeforeRedirectEvent
     {
         return $this->redirectUrl;
     }
+
+    public function setRedirectUrl(string $redirectUrl): void
+    {
+        $this->redirectUrl = $redirectUrl;
+    }
+
+    public function getRequest(): ServerRequestInterface
+    {
+        return $this->request;
+    }
 }
-- 
GitLab