From db400e77a03fed773447cda804b66218c893e579 Mon Sep 17 00:00:00 2001
From: Samuel Littley <slittley@thoughtmachine.net>
Date: Tue, 26 May 2026 14:17:07 +0100
Subject: [PATCH] Make Phabricator return the user to the page they were on
 after prompting for an MFA

---
 .../PhabricatorAuthFinishController.php        | 10 ++++++++++
 ...abricatorAuthNeedsMultiFactorController.php | 18 +++++++++++++++++-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/src/applications/auth/controller/PhabricatorAuthFinishController.php b/src/applications/auth/controller/PhabricatorAuthFinishController.php
index 4b775a2e4b..90bd9793b4 100644
--- a/src/applications/auth/controller/PhabricatorAuthFinishController.php
+++ b/src/applications/auth/controller/PhabricatorAuthFinishController.php
@@ -25,6 +25,16 @@ public function handleRequest(AphrontRequest $request) {
       return id(new AphrontRedirectResponse())->setURI('/');
     }
 
+    $next_uri = PhabricatorCookies::getNextURICookie($request);
+    if (!phutil_nonempty_string($next_uri)) {
+      if ($this->getDelegatingController()) {
+        $next_uri = (string)$request->getRequestURI();
+        if (!$request->isFormPost()) {
+          PhabricatorCookies::setNextURICookie($request, $next_uri);
+        }
+      }
+    }
+
     $engine = new PhabricatorAuthSessionEngine();
 
     // If this cookie is set, the user is headed into a high security area
diff --git a/src/applications/auth/controller/PhabricatorAuthNeedsMultiFactorController.php b/src/applications/auth/controller/PhabricatorAuthNeedsMultiFactorController.php
index 0f86614b19..6a645fb8a1 100644
--- a/src/applications/auth/controller/PhabricatorAuthNeedsMultiFactorController.php
+++ b/src/applications/auth/controller/PhabricatorAuthNeedsMultiFactorController.php
@@ -30,6 +30,16 @@ public function handleRequest(AphrontRequest $request) {
       return new Aphront400Response();
     }
 
+    $next_uri = PhabricatorCookies::getNextURICookie($request);
+    if (!phutil_nonempty_string($next_uri)) {
+      if ($this->getDelegatingController()) {
+        $next_uri = (string)$request->getRequestURI();
+        if (!$request->isFormPost()) {
+          PhabricatorCookies::setNextURICookie($request, $next_uri);
+        }
+      }
+    }
+
     $panels = $this->loadPanels();
 
     $multifactor_key = id(new PhabricatorMultiFactorSettingsPanel())
@@ -190,11 +200,17 @@ private function newGuidance() {
         'You can make adjustments from the [[ /settings/ | Settings ]] panel '.
         'later.');
 
+      $request = $this->getRequest();
+      $next = PhabricatorCookies::getNextURICookie($request);
+      if (!PhabricatorEnv::isValidLocalURIForLink($next)) {
+        $next = '/';
+      }
+
       return $this->newDialog()
         ->setTitle(pht('Multi-Factor Authentication Setup Complete'))
         ->setWidth(AphrontDialogView::WIDTH_FULL)
         ->appendChild(new PHUIRemarkupView($viewer, $guidance))
-        ->addCancelButton('/', pht('Continue'));
+        ->addCancelButton($next, pht('Continue'));
     }
 
     $views = array();