v8.1.8: Simplify next URL handling and improve redirect behavior.

Replaced `request.form` with `request.json` for `next` retrieval in login handling, ensuring consistency for JSON-based requests. Updated the redirect to include `next` parameters, preserving the original path when navigating to the login page.

app/login.py

@@ -42,7 +42,7 @@ def login_page():
 
         return render_template('login.html', lang=lang)
     elif request.method == 'POST':
-        next_url = request.args.get('next') or request.form.get('next')
+        next_url = request.json.get('next')
         login = request.json.get('login')
         password = request.json.get('pass')
         try:

app/modules/roxywi/auth.py

@@ -104,6 +104,8 @@ def check_in_ldap(user, password):
 
 def do_login(user_params: dict, next_url: str):
     if next_url:
+        if 'https://' in next_url or 'http://' in next_url:
+            next_url = '/'
         redirect_to = f'https://{request.host}{next_url}'
     else:
         redirect_to = f"https://{request.host}{url_for('overview.index')}"

app/routes/main/routes.py

@@ -62,7 +62,7 @@ def handle_pydantic_validation_errors1(e):
 def no_auth(e):
     if 'api' in request.url:
         return jsonify({'error': str(e)}), 401
-    return redirect(url_for('login_page'))
+    return redirect(url_for('login_page', next=request.full_path))
 
 
 @app.errorhandler(403)