Fix #11383

app/Http/Controllers/Auth/LoginController.php

@@ -31,6 +31,7 @@ use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Http\Controllers\Controller;
 use FireflyIII\Providers\RouteServiceProvider;
 use FireflyIII\Repositories\User\UserRepositoryInterface;
+use FireflyIII\Support\Facades\Steam;
 use FireflyIII\User;
 use Illuminate\Contracts\Foundation\Application;
 use Illuminate\Contracts\View\Factory;
@@ -103,8 +104,7 @@ class LoginController extends Controller
                         $this->username => trans('auth.failed'),
                     ]
                 )
-                ->onlyInput($this->username)
-            ;
+                ->onlyInput($this->username);
         }
         Log::debug('Login data is present.');
 
@@ -128,7 +128,6 @@ class LoginController extends Controller
             // send a custom login event because laravel will also fire a login event if a "remember me"-cookie
             // restores the event.
             event(new ActuallyLoggedIn($this->guard()->user()));
-
             return $this->sendLoginResponse($request);
         }
         Log::warning('Login attempt failed.');
@@ -260,4 +259,25 @@ class LoginController extends Controller
 
         return view('auth.login', ['allowRegistration' => $allowRegistration, 'email' => $email, 'remember' => $remember, 'allowReset' => $allowReset, 'title' => $title, 'usernameField' => $usernameField]);
     }
+
+    /**
+     * Send the response after the user was authenticated.
+     *
+     * @param \Illuminate\Http\Request $request
+     *
+     * @return \Illuminate\Http\RedirectResponse|\Illuminate\Http\JsonResponse
+     */
+    protected function sendLoginResponse(Request $request)
+    {
+        $request->session()->regenerate();
+        $this->clearLoginAttempts($request);
+
+        if ($response = $this->authenticated($request, $this->guard()->user())) {
+            return $response;
+        }
+        $path = Steam::getSafeUrl(session()->pull('url.intended', route('index')), route('index'));
+        Log::debug(sprintf('SafeURL is %s', $path));
+        return $request->wantsJson() ? new JsonResponse([], 204) : redirect()->to($path);
+    }
+
 }

app/Support/Steam.php

@@ -23,9 +23,8 @@ declare(strict_types=1);
 
 namespace FireflyIII\Support;
 
-use FireflyIII\Support\Facades\Preferences;
-use Deprecated;
 use Carbon\Carbon;
+use Deprecated;
 use Exception;
 use FireflyIII\Exceptions\FireflyException;
 use FireflyIII\Models\Account;
@@ -33,6 +32,7 @@ use FireflyIII\Models\AccountMeta;
 use FireflyIII\Models\Transaction;
 use FireflyIII\Models\TransactionCurrency;
 use FireflyIII\Support\Facades\Amount;
+use FireflyIII\Support\Facades\Preferences;
 use FireflyIII\Support\Http\Api\ExchangeRateConverter;
 use FireflyIII\Support\Singleton\PreferencesSingleton;
 use Illuminate\Support\Collection;
@@ -43,7 +43,6 @@ use Psr\Container\ContainerExceptionInterface;
 use Psr\Container\NotFoundExceptionInterface;
 use Safe\Exceptions\UrlException;
 use ValueError;
-
 use function Safe\parse_url;
 use function Safe\preg_replace;
 
@@ -66,8 +65,7 @@ class Steam
                                   ->leftJoin('transaction_currencies', 'transaction_currencies.id', '=', 'transactions.transaction_currency_id')
                                   ->where('transaction_journals.date', $inclusive ? '<=' : '<', $date->format('Y-m-d H:i:s'))
                                   ->groupBy(['transactions.account_id', 'transaction_currencies.code'])
-            ->get(['transactions.account_id', 'transaction_currencies.code', DB::raw('SUM(transactions.amount) as sum_of_amount')])->toArray()
-        ;
+                                  ->get(['transactions.account_id', 'transaction_currencies.code', DB::raw('SUM(transactions.amount) as sum_of_amount')])->toArray();
 
         Log::debug('Array of sums: ', $arrayOfSums);
 
@@ -131,7 +129,8 @@ class Steam
     }
 
     /**
-     * Calls accountsBalancesOptimized for the given accounts and makes sure that inclusive is set to false, so it properly gets the balance of a range.
+     * Calls accountsBalancesOptimized for the given accounts and makes sure that inclusive is set to false, so it
+     * properly gets the balance of a range.
      */
     public function accountsBalancesInRange(Collection $accounts, Carbon $start, Carbon $end, ?TransactionCurrency $primary = null, ?bool $convertToPrimary = null): array
     {
@@ -305,7 +304,8 @@ class Steam
         "balance": balance in the account's currency OR user's primary currency if the account has no currency
         --> "pc_balance": balance in the user's primary currency, with all amounts converted to the primary currency.
         "EUR": balance in EUR (or whatever currencies the account has balance in)
-        TXT)]
+        TXT
+    )]
     public function finalAccountBalance(Account $account, Carbon $date, ?TransactionCurrency $primary = null, ?bool $convertToPrimary = null, bool $inclusive = true): array
     {
 
@@ -342,8 +342,7 @@ class Steam
                           ->leftJoin('transaction_journals', 'transaction_journals.id', '=', 'transactions.transaction_journal_id')
                           ->leftJoin('transaction_currencies', 'transaction_currencies.id', '=', 'transactions.transaction_currency_id')
                           ->where('transaction_journals.date', $inclusive ? '<=' : '<', $date->format('Y-m-d H:i:s'))
-            ->get(['transaction_currencies.code', 'transactions.amount'])->toArray()
-        ;
+                          ->get(['transaction_currencies.code', 'transactions.amount'])->toArray();
         $others = $this->groupAndSumTransactions($array, 'code', 'amount');
         Log::debug('All balances are (joined)', $others);
         // if there is no request to convert, take this as "balance" and "pc_balance".
@@ -446,8 +445,7 @@ class Steam
                              'transactions.transaction_currency_id',
                              DB::raw('SUM(transactions.amount) AS sum_of_day'),
                            ]
-            )
-        ;
+                       );
 
         $currentBalance = $startBalance;
         $converter      = new ExchangeRateConverter();
@@ -663,8 +661,8 @@ class Steam
      */
     public function getSafePreviousUrl(): string
     {
-        // Log::debug(sprintf('getSafePreviousUrl: "%s"', session()->previousUrl()));
-        return session()->previousUrl() ?? route('index');
+        $res = $this->getSafeUrl(session()->previousUrl() ?? route('index'), route('index'));
+        Log::debug(sprintf('getSafePreviousUrl: "%s"', $res));
     }
 
     /**
@@ -674,7 +672,7 @@ class Steam
     {
         // Log::debug(sprintf('getSafeUrl(%s, %s)', $unknownUrl, $safeUrl));
         $returnUrl = $safeUrl;
-
+//        die('in get safe url');
         try {
             $unknownHost = parse_url($unknownUrl, PHP_URL_HOST);
         } catch (UrlException $e) {