From fc5d4f72a1a121576f9291d73ebb8296dffa579a Mon Sep 17 00:00:00 2001
From: Aidaho
Date: Wed, 23 Apr 2025 13:22:48 +0300
Subject: [PATCH] v8.1.8: Simplify next URL handling and improve redirect behavior.

Replaced `request.form` with `request.json` for `next` retrieval in login handling, ensuring consistency for JSON-based requests. Updated the redirect to include `next` parameters, preserving the original path when navigating to the login page.
---
 app/login.py | 2 +-
 app/modules/roxywi/auth.py | 2 ++
 app/routes/main/routes.py | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/app/login.py b/app/login.py
index 1a1df2f5..2bc0febc 100644
--- a/app/login.py
+++ b/app/login.py
@@ -42,7 +42,7 @@ def login_page():
 return render_template('login.html', lang=lang)
 elif request.method == 'POST':
- next_url = request.args.get('next') or request.form.get('next')
+ next_url = request.json.get('next')
 login = request.json.get('login')
 password = request.json.get('pass')
 try:
diff --git a/app/modules/roxywi/auth.py b/app/modules/roxywi/auth.py
index 1df47a19..ea4b7dd5 100644
--- a/app/modules/roxywi/auth.py
+++ b/app/modules/roxywi/auth.py
@@ -104,6 +104,8 @@ def check_in_ldap(user, password):
 def do_login(user_params: dict, next_url: str):
 if next_url:
+ if 'https://' in next_url or 'http://' in next_url:
+ next_url = '/'
 redirect_to = f'https://{request.host}{next_url}'
 else:
 redirect_to = f"https://{request.host}{url_for('overview.index')}"
diff --git a/app/routes/main/routes.py b/app/routes/main/routes.py
index fd81056e..0e554ff4 100644
--- a/app/routes/main/routes.py
+++ b/app/routes/main/routes.py
@@ -62,7 +62,7 @@ def handle_pydantic_validation_errors1(e):
 def no_auth(e):
 if 'api' in request.url:
 return jsonify({'error': str(e)}), 401
- return redirect(url_for('login_page'))
+ return redirect(url_for('login_page', next=request.full_path))
 @app.errorhandler(403)
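Review bot: In app/login.py, `next_url = request.json.get('next')` accepts whatever JSON type the client sends, and that value is passed on to `do_login`, whose new `'https://' in next_url` test raises TypeError on a number and performs membership rather than substring matching on an array or object. Treat the field as untrusted at this point and normalise it, for example `next_url = next_url if isinstance(next_url, str) else None`. The query-string source was also removed here while the routes.py hunk now places `next` in the login URL's query string, so the target survives only if the login page's script copies it into the JSON body, which this patch does not show. The body of login_page starts and ends outside the hunk.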
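Review bot: In app/modules/roxywi/auth.py the new guard in `do_login` is a deny-list on two literal substrings, which leaves the open-redirect check incomplete: `next_url` is appended directly after `request.host`, so a value that does not begin with `/` is not rejected and can change the authority part of the final URL. Validating the shape is more reliable than matching schemes, e.g. `if not next_url.startswith('/') or next_url.startswith('//'): next_url = '/'`. The substring test also resets legitimate local paths to `/` whenever their query string happens to contain a URL, which the routes.py hunk makes more likely by passing `request.full_path`. A short comment above the check stating that `next_url` is client-supplied and must stay host-relative would help the next maintainer; do_login continues past the end of the hunk.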
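Review bot: In app/routes/main/routes.py, `request.full_path` always ends with `?` even when the request has no query string, so every `next` value produced by `no_auth` carries a trailing `?` that is replayed in the post-login redirect; `next=request.full_path if request.query_string else request.path` avoids that. The whole query string of the original request is also copied into the login URL, so any sensitive parameter in it ends up in that URL and wherever it is logged or stored in browser history; consider whether the path alone is sufficient. The handler's decorator sits above the hunk, so the status code it is bound to is not visible here.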