owncloud · PVince81 · Jul 31, 2017 · Jun 28, 2017 · Jul 17, 2017
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
@@ -196,8 +196,15 @@ public function tryLogin($user, $password, $redirect_url) {
 			$this->session->set('loginMessages', [
 				['invalidpassword'], []
 			]);
+			$args = [];
 			// Read current user and append if possible - we need to return the unmodified user otherwise we will leak the login name
-			$args = !is_null($user) ? ['user' => $originalUser] : [];
+			if (!is_null($user)) {
+				$args['user'] = $originalUser;
+			}
+			// keep the redirect url
+			if (!empty($redirect_url)) {
+				$args['redirect_url'] = $redirect_url;
+			}
 			return new RedirectResponse($this->urlGenerator->linkToRoute('core.login.showLoginForm', $args));
 		}
 		// TODO: remove password checks from above and let the user session handle failures

diff --git a/tests/Core/Controller/LoginControllerTest.php b/tests/Core/Controller/LoginControllerTest.php
@@ -286,7 +286,7 @@ public function testShowLoginFormForUserNamedNull() {
 	}
 
 	public function testLoginWithInvalidCredentials() {
-		$user = $this->createMock(IUser::class);
+		$user = 'unknown';
 		$password = 'secret';
 		$loginPageUrl = 'some url';
 
@@ -295,14 +295,14 @@ public function testLoginWithInvalidCredentials() {
 			->will($this->returnValue(false));
 		$this->urlGenerator->expects($this->once())
 			->method('linkToRoute')
-			->with('core.login.showLoginForm')
+			->with('core.login.showLoginForm', ['user' => $user, 'redirect_url' => '/foo'])
 			->will($this->returnValue($loginPageUrl));
 
 		$this->userSession->expects($this->never())
 			->method('createSessionToken');
 
 		$expected = new RedirectResponse($loginPageUrl);
-		$this->assertEquals($expected, $this->loginController->tryLogin($user, $password, ''));
+		$this->assertEquals($expected, $this->loginController->tryLogin($user, $password, '/foo'));
 	}
 
 	public function testLoginWithValidCredentials() {