From 677cb78d5fdc79591e9515e9ecafda7012fd1c84 Mon Sep 17 00:00:00 2001
From: "Albert J. Wong"
Date: Thu, 16 Oct 2014 04:03:41 -0700
Subject: [PATCH] Preserve query parameters in _return_to for redirect.

Storing just request.path drops the query string which makes two factory authentication less useful when the guarded page needs those parameters. This brings the two factor authentication redirect behavior in line with devise's.
---
 lib/two_factor_authentication/controllers/helpers.rb | 2 +-
 spec/features/two_factor_authenticatable_spec.rb | 4 +++-
 spec/rails_app/app/views/home/dashboard.html.erb | 4 ++++
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/lib/two_factor_authentication/controllers/helpers.rb b/lib/two_factor_authentication/controllers/helpers.rb
index 7e5abb1..a622dde 100644
--- a/lib/two_factor_authentication/controllers/helpers.rb
+++ b/lib/two_factor_authentication/controllers/helpers.rb
@@ -21,7 +21,7 @@ module TwoFactorAuthentication
 def handle_failed_second_factor(scope)
 if request.format.present? and request.format.html?
- session["#{scope}_return_to"] = request.path if request.get?
+ session["#{scope}_return_to"] = "#{request.path}?#{request.query_string}" if request.get?
 redirect_to two_factor_authentication_path_for(scope)
 else
 render nothing: true, status: :unauthorized
diff --git a/spec/features/two_factor_authenticatable_spec.rb b/spec/features/two_factor_authenticatable_spec.rb
index 9b3ef7d..a1a424a 100644
--- a/spec/features/two_factor_authenticatable_spec.rb
+++ b/spec/features/two_factor_authenticatable_spec.rb
@@ -45,7 +45,7 @@ feature "User of two factor authentication" do
 end
 scenario "is redirected to TFA when path requires authentication" do
- visit dashboard_path
+ visit dashboard_path + "?A=param%20a&B=param%20b"
 expect(page).to_not have_content("Your Personal Dashboard")
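Review bot: The new assignment in `handle_failed_second_factor` (lib/two_factor_authentication/controllers/helpers.rb) always appends `?`, so a GET without a query string is stored as `/path?` because `request.query_string` is then empty. `session["#{scope}_return_to"] = request.fullpath if request.get?` yields the path plus the query string only when one is present. The stored value is now client-controlled in length and content: if the application uses a cookie-backed session store, a long query string can push the session past the cookie size limit, and any sensitive values carried in parameters are kept in the session until the redirect completes. A length cap with a fallback to `request.path` would bound that. The method's closing lines are outside the hunk.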
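Review bot: The changed `visit` line in spec/features/two_factor_authenticatable_spec.rb builds the URL by string concatenation with hand-encoded values; `visit dashboard_path(A: "param a", B: "param b")` lets the route helper do the encoding and keeps the expected values readable next to the assertions. The scenario also covers only a request that has a query string, so a second scenario visiting plain `dashboard_path` would pin what is stored in `_return_to` and redirected to when there is none. The scenario body continues in the next hunk.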
@@ -54,6 +54,8 @@ feature "User of two factor authentication" do
 expect(page).to have_content("Your Personal Dashboard")
 expect(page).to have_content("You are signed in as Marissa")
+ expect(page).to have_content("Param A is param a")
+ expect(page).to have_content("Param B is param b")
 end
 scenario "is locked out after max failed attempts" do
diff --git a/spec/rails_app/app/views/home/dashboard.html.erb b/spec/rails_app/app/views/home/dashboard.html.erb
index 13e63b8..5cc9244 100644
--- a/spec/rails_app/app/views/home/dashboard.html.erb
+++ b/spec/rails_app/app/views/home/dashboard.html.erb
@@ -4,4 +4,8 @@

Your registered email address is <%= current_user.email %>

+

Param A is <%= params[:A] %>

+ +

Param B is <%= params[:B] %>

+

You can only see this page after successfully completing two factor authentication