Store next url redirect for in session to work with oauth login callbacks

2016-07-08 23:39:11 -04:00 · 2016-07-08 23:39:11 -04:00 · aa0a8a2aa8
--- a/realms/modules/auth/ldap/views.py
+++ b/realms/modules/auth/ldap/views.py
@ -1,4 +1,4 @@
-from flask import current_app, request, redirect, Blueprint, flash, url_for
+from flask import current_app, request, redirect, Blueprint, flash, url_for, session
 from ..ldap.models import User
 from flask_ldap_login import LDAPLoginForm

@ -14,6 +14,6 @@ def login():
        return redirect(url_for('auth.login'))

    if User.auth(form.user, request.form['password']):
-        return redirect(request.args.get("next") or url_for(current_app.config['ROOT_ENDPOINT']))
+        return redirect(session.get("next_url") or url_for(current_app.config['ROOT_ENDPOINT']))
    else:
        return redirect(url_for('auth.login'))
--- a/realms/modules/auth/local/views.py
+++ b/realms/modules/auth/local/views.py
@ -1,4 +1,4 @@
-from flask import current_app, render_template, request, redirect, Blueprint, flash, url_for
+from flask import current_app, render_template, request, redirect, Blueprint, flash, url_for, session
 from realms.modules.auth.local.models import User
 from realms.modules.auth.local.forms import LoginForm, RegistrationForm

@ -46,6 +46,6 @@ def register():
        User.create(request.form['username'], request.form['email'], request.form['password'])
        User.auth(request.form['email'], request.form['password'])

-        return redirect(request.args.get("next") or url_for(current_app.config['ROOT_ENDPOINT']))
+        return redirect(session.get("next_url") or url_for(current_app.config['ROOT_ENDPOINT']))

    return render_template("auth/register.html", form=form)
--- a/realms/modules/auth/oauth/views.py
+++ b/realms/modules/auth/oauth/views.py
@ -16,7 +16,7 @@ def login(provider):

@blueprint.route('/login/oauth/<provider>/callback')
 def callback(provider):
-    next_url = request.args.get('next') or url_for(current_app.config['ROOT_ENDPOINT'])
+    next_url = session.get('next_url') or url_for(current_app.config['ROOT_ENDPOINT'])
    try:
        remote_app = User.get_app(provider)
        resp = remote_app.authorized_response()
--- a/realms/modules/auth/views.py
+++ b/realms/modules/auth/views.py
@ -1,4 +1,4 @@
-from flask import current_app, render_template, request, redirect, Blueprint, flash, url_for
+from flask import current_app, render_template, request, redirect, Blueprint, flash, url_for, session
 from flask.ext.login import logout_user
 from realms.modules.auth.models import Auth

@ -7,6 +7,8 @@ blueprint = Blueprint('auth', __name__)

@blueprint.route("/login", methods=['GET', 'POST'])
 def login():
+    next_url = request.args.get('next') or url_for(current_app.config['ROOT_ENDPOINT'])
+    session['next_url'] = next_url
    return render_template("auth/login.html", forms=Auth.login_forms())