Fix after-login redirects to "Check Details" and other pages.

CHANGELOG.md

@@ -8,7 +8,7 @@ All notable changes to this project will be documented in this file.
 
 
 ### Bug Fixes
-- Fix after-login redirects for users landing in the "Add Slack" page
+- Fix after-login redirects (the "?next=" query parameter)
 
 
 ## 1.3.0 - 2018-11-21

hc/accounts/tests/test_login.py

@@ -2,6 +2,7 @@ from django.contrib.auth.models import User
 from django.core import mail
 from django.test import TestCase
 from hc.accounts.models import Profile
+from hc.api.models import Check
 from django.conf import settings
 
 
@@ -77,14 +78,22 @@ class LoginTestCase(TestCase):
         alice.set_password("password")
         alice.save()
 
+        check = Check.objects.create(user=alice)
+
         form = {
             "action": "login",
             "email": "[email protected]",
             "password": "password"
         }
 
-        r = self.client.post("/accounts/login/?next=/integrations/add_slack/", form)
-        self.assertRedirects(r, "/integrations/add_slack/")
+        samples = [
+            "/integrations/add_slack/",
+            "/checks/%s/details/" % check.code
+        ]
+
+        for s in samples:
+            r = self.client.post("/accounts/login/?next=%s" % s, form)
+            self.assertRedirects(r, s)
 
     def test_it_handles_bad_next_parameter(self):
         alice = User(username="alice", email="[email protected]")

hc/accounts/views.py

@@ -13,6 +13,7 @@ from django.core import signing
 from django.http import HttpResponseForbidden, HttpResponseBadRequest
 from django.shortcuts import redirect, render
 from django.utils.timezone import now
+from django.urls import resolve, Resolver404
 from django.views.decorators.csrf import csrf_exempt
 from django.views.decorators.http import require_POST
 from hc.accounts.forms import (ChangeEmailForm, EmailPasswordForm,
@@ -25,9 +26,21 @@ from hc.api.models import Channel, Check
 from hc.lib.badges import get_badge_url
 from hc.payments.models import Subscription
 
-NEXT_WHITELIST = ("/checks/",
-                  "/integrations/add_slack/",
-                  "/integrations/add_pushover/")
+NEXT_WHITELIST = ("hc-checks",
+                  "hc-details",
+                  "hc-log",
+                  "hc-channels",
+                  "hc-add-slack",
+                  "hc-add-pushover")
+
+
+def _is_whitelisted(path):
+    try:
+        match = resolve(path)
+    except Resolver404:
+        return False
+
+    return match.url_name in NEXT_WHITELIST
 
 
 def _make_user(email):
@@ -67,7 +80,7 @@ def _redirect_after_login(request):
     """ Redirect to the URL indicated in ?next= query parameter. """
 
     redirect_url = request.GET.get("next")
-    if redirect_url in NEXT_WHITELIST:
+    if _is_whitelisted(redirect_url):
         return redirect(redirect_url)
 
     return redirect("hc-checks")
@@ -90,7 +103,7 @@ def login(request):
                 profile = Profile.objects.for_user(magic_form.user)
 
                 redirect_url = request.GET.get("next")
-                if redirect_url in NEXT_WHITELIST:
+                if _is_whitelisted(redirect_url):
                     profile.send_instant_login_link(redirect_url=redirect_url)
                 else:
                     profile.send_instant_login_link()