From 2dd18be4be2688c23c81e94350a24ebf5cee896c Mon Sep 17 00:00:00 2001
From: Patrick Donelan <pat@patspam.com>
Date: Mon, 22 Mar 2010 15:41:48 -0400
Subject: [PATCH] Fixes #11485 - RedirectAfterLoginUrl Setting should not
 override returnUrl and redirectAfterLogin scratch

The redirectAfterLogin Setting works better if it is checked after
  $self->session->form->get('returnUrl')
and
  $self->session->scratch->get("redirectAfterLogin")
in WebGUI::Auth::login.

This is so that the redirectAfterLogin scratch variable and returnUrl form param get a chance to redirect
Visitors to the appropriate page after being shown an intermediate login form.
---
 docs/changelog/7.x.x.txt | 1 +
 lib/WebGUI/Auth.pm       | 8 ++++----
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index 32cd22da9..3020f5655 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -8,6 +8,7 @@
  - fixed #11478: Overzealous removal of double slashes in FilePump macro
  - fixed thread pagination on search results, off by 1 error and modal direction
  - fixed #11482: Template hard-coded in deactivateAccount
+ - fixed #11485: RedirectAfterLoginUrl Setting should not override returnUrl and redirectAfterLogin scratch
 
 7.9.0
  - added #11383: AJAX username checks at registration (Luke Robinson / Orchard Solutions)
diff --git a/lib/WebGUI/Auth.pm b/lib/WebGUI/Auth.pm
index 7ddc2344e..da49bdc8c 100644
--- a/lib/WebGUI/Auth.pm
+++ b/lib/WebGUI/Auth.pm
@@ -881,10 +881,6 @@ sub login {
     ) {
         return $self->showMessageOnLogin;
     }
-    elsif ( $self->session->setting->get("redirectAfterLoginUrl") ) {
-        $self->session->http->setRedirect($self->session->setting->get("redirectAfterLoginUrl"));
-	  	$self->session->scratch->delete("redirectAfterLogin");
-    }
     elsif ( $self->session->form->get('returnUrl') ) {
 		$self->session->http->setRedirect( $self->session->form->get('returnUrl') );
 	  	$self->session->scratch->delete("redirectAfterLogin");
@@ -892,6 +888,10 @@ sub login {
 	elsif ( my $url = $self->session->scratch->delete("redirectAfterLogin") ) {
 		$self->session->http->setRedirect($url);
 	}
+    elsif ( $self->session->setting->get("redirectAfterLoginUrl") ) {
+        $self->session->http->setRedirect($self->session->setting->get("redirectAfterLoginUrl"));
+        $self->session->scratch->delete("redirectAfterLogin");
+    }
 
     # Get open version tag. This is needed if we want
     # to reclaim a version right after login (singlePerUser and siteWide mode)