diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3483bb48..a1fddc0b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,7 +8,7 @@ All notable changes to this project will be documented in this file.
 ### Bug Fixes
-- Fix after-login redirects for users landing in the "Add Slack" page
+- Fix after-login redirects (the "?next=" query parameter)
 ## 1.3.0 - 2018-11-21
diff --git a/hc/accounts/tests/test_login.py b/hc/accounts/tests/test_login.py
index c6b847fa..725a0ff6 100644
--- a/hc/accounts/tests/test_login.py
+++ b/hc/accounts/tests/test_login.py
@@ -2,6 +2,7 @@ from django.contrib.auth.models import User
 from django.core import mail
 from django.test import TestCase
 from hc.accounts.models import Profile
+from hc.api.models import Check
 from django.conf import settings
@@ -77,14 +78,22 @@ class LoginTestCase(TestCase):
 alice.set_password("password")
 alice.save()
+ check = Check.objects.create(user=alice)
+
 form = {
 "action": "login",
 "email": "alice@example.org",
 "password": "password"
 }
- r = self.client.post("/accounts/login/?next=/integrations/add_slack/", form)
- self.assertRedirects(r, "/integrations/add_slack/")
+ samples = [
+ "/integrations/add_slack/",
+ "/checks/%s/details/" % check.code
+ ]
+
+ for s in samples:
+ r = self.client.post("/accounts/login/?next=%s" % s, form)
+ self.assertRedirects(r, s)
 def test_it_handles_bad_next_parameter(self):
 alice = User(username="alice", email="alice@example.org")
diff --git a/hc/accounts/views.py b/hc/accounts/views.py
index 50a7142c..0eeaccf7 100644
--- a/hc/accounts/views.py
+++ b/hc/accounts/views.py
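Review bot: In `hc/accounts/tests/test_login.py` (hunk `@@ -77,14 +78,22 @@`), the new `samples` list only holds values that must be accepted, while the allowlist check now resolves the path instead of comparing strings, so the rejection side deserves equal coverage. `test_it_handles_bad_next_parameter` starts on the hunk's last lines and its body is outside the view, so it may already cover this. If it does not, it should assert that a scheme-relative value, an absolute URL, and a local path whose URL name is not listed all fall back to the default redirect. Wrapping the loop body in `with self.subTest(next=s):` would also make a failure name the sample that broke.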
@@ -13,6 +13,7 @@ from django.core import signing
 from django.http import HttpResponseForbidden, HttpResponseBadRequest
 from django.shortcuts import redirect, render
 from django.utils.timezone import now
+from django.urls import resolve, Resolver404
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_POST
 from hc.accounts.forms import (ChangeEmailForm, EmailPasswordForm,
@@ -25,9 +26,21 @@ from hc.api.models import Channel, Check
 from hc.lib.badges import get_badge_url
 from hc.payments.models import Subscription
-NEXT_WHITELIST = ("/checks/",
- "/integrations/add_slack/",
- "/integrations/add_pushover/")
+NEXT_WHITELIST = ("hc-checks",
+ "hc-details",
+ "hc-log",
+ "hc-channels",
+ "hc-add-slack",
+ "hc-add-pushover")
+
+
+def _is_whitelisted(path):
+ try:
+ match = resolve(path)
+ except Resolver404:
+ return False
+
+ return match.url_name in NEXT_WHITELIST
 def _make_user(email):
@@ -67,7 +80,7 @@ def _redirect_after_login(request):
 """ Redirect to the URL indicated in ?next= query parameter. """
 redirect_url = request.GET.get("next")
- if redirect_url in NEXT_WHITELIST:
+ if _is_whitelisted(redirect_url):
 return redirect(redirect_url)
 return redirect("hc-checks")
@@ -90,7 +103,7 @@ def login(request):
 profile = Profile.objects.for_user(magic_form.user)
 redirect_url = request.GET.get("next")
- if redirect_url in NEXT_WHITELIST:
+ if _is_whitelisted(redirect_url):
 profile.send_instant_login_link(redirect_url=redirect_url)
 else:
 profile.send_instant_login_link()
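Review bot: In `hc/accounts/views.py` (hunk `@@ -25,9 +26,21 @@`), `_is_whitelisted` compares `match.url_name`, which drops any namespace, so a route inside a namespaced include that reuses one of these names would also pass; if the project uses namespaces, compare `match.view_name` instead. Both call sites in the later hunks (`_redirect_after_login` and `login`) pass `request.GET.get("next")`, which is `None` when the parameter is absent, so rejection in that case depends on how `resolve()` treats a non-string argument. An explicit `if not path: return False` at the top removes that dependency. The function also needs a docstring stating that it is the open-redirect guard for `?next=`, that `NEXT_WHITELIST` now holds URL names rather than paths, and that every path matching a listed pattern becomes a valid post-login target, so only read-only GET views belong in the tuple.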