fix(login): take custom webroot into account when redirecting

[alixinne]

Hello,

This PR fixes an issue I have been encountering on my Nextcloud deployment.

The issue is as follows:

• Nextcloud is hosted at https://my.domain/nextcloud/
• SSO (Keycloak) is hosted at https://sso.my.domain/

Nextcloud is configured with the following options:

'overwritewebroot' => 'nextcloud',
'overwriteprotocol' => 'https',
'overwritehost' => 'my.domain'

When trying to reach a restricted page (for example, trying to reach the calendar at https://my.domain/nextcloud/apps/calendar/), the following happens

• Redirect to Nextcloud login page (with ?redirect_url=/apps/calendar/)
• Picking Keycloak login (from this plugin) redirects to Keycloak
• After logging in, Keycloak redirects to the Social login callback (with ?login_redirect_url=/apps/calendar)
• Social login redirects to /apps/calendar => which isn't the Nextcloud instance

This can be fixed by redirecting to \OC::$WEBROOT . $redirect_url, where \OC::$WEBROOT is the Nextcloud variable holding the web root.

I have tested this fix on my instance, it does solve the issue.

[zorn-v]

It will break login flow in desktop/mobile apps. https://github.com/zorn-v/nextcloud-social-login/issues/35

[alixinne]

That's a problem indeed, maybe there's a way to detect which login flow we are currently executing? I'll look into it but don't hesitate if you have any pointers on where to look!

[zorn-v]

Well, you can check that redirect url starts with slash.

[alixinne]

Right, the login flow for mobile/desktop redirects to an absolute URL somewhere on localhost or something?

[zorn-v]

It redirect to something like nc://login?

[alixinne]

This new version should work with both flows