From 2df992102fa3c627ad687d964b88aed05aad7631 Mon Sep 17 00:00:00 2001
From: Sebastian Serth <Sebastian.Serth@student.hpi.de>
Date: Tue, 5 Feb 2019 12:13:46 +0100
Subject: [PATCH] Allow LTI clients to specify a redirect target

---
 app/controllers/sessions_controller.rb | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/app/controllers/sessions_controller.rb b/app/controllers/sessions_controller.rb
index 8d7760fc..7e536c6c 100644
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -20,9 +20,13 @@ class SessionsController < ApplicationController
   def create_through_lti
     store_lti_session_data(consumer: @consumer, parameters: params)
     store_nonce(params[:oauth_nonce])
-    redirect_to(implement_exercise_path(@exercise),
-                notice: t("sessions.create_through_lti.session_#{lti_outcome_service?(@exercise.id, @current_user.id , @consumer.id) ? 'with' : 'without'}_outcome",
-                consumer: @consumer))
+    if params[:redirect_target]
+      redirect_to(params[:redirect_target])
+    else
+      redirect_to(implement_exercise_path(@exercise),
+                  notice: t("sessions.create_through_lti.session_#{lti_outcome_service?(@exercise.id, @current_user.id , @consumer.id) ? 'with' : 'without'}_outcome",
+                  consumer: @consumer))
+    end
   end
 
   def destroy