From 509b4c55a2faa23f8ee49e05ec81b16b501e42f2 Mon Sep 17 00:00:00 2001 From: dandds Date: Mon, 1 Oct 2018 16:16:17 -0400 Subject: [PATCH] more explicit naming, query param handling for login redirects --- atst/routes/__init__.py | 9 +++++---- atst/routes/dev.py | 4 ++-- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/atst/routes/__init__.py b/atst/routes/__init__.py index 18e719f4..d13bdb36 100644 --- a/atst/routes/__init__.py +++ b/atst/routes/__init__.py @@ -20,7 +20,8 @@ def root(): redirect_url = app.config.get("CAC_URL") if request.args.get("next"): redirect_url = url.urljoin( - redirect_url, "?{}".format(url.urlencode(request.args)) + redirect_url, + "?{}".format(url.urlencode({"next": request.args.get("next")})), ) return render_template( @@ -80,11 +81,11 @@ def _make_authentication_context(): ) -def redirect_url(): +def redirect_after_login_url(): if request.args.get("next"): return request.args.get("next") else: - return url_for(".home") + return url_for("atst.home") @bp.route("/login-redirect") @@ -94,7 +95,7 @@ def login_redirect(): user = auth_context.get_user() session["user_id"] = user.id - return redirect(redirect_url()) + return redirect(redirect_after_login_url()) @bp.route("/logout") diff --git a/atst/routes/dev.py b/atst/routes/dev.py index 02d290cc..e9b107e8 100644 --- a/atst/routes/dev.py +++ b/atst/routes/dev.py @@ -1,6 +1,6 @@ from flask import Blueprint, request, session, redirect -from . import redirect_url +from . import redirect_after_login_url from atst.domain.users import Users bp = Blueprint("dev", __name__) @@ -64,4 +64,4 @@ def login_dev(): ) session["user_id"] = user.id - return redirect(redirect_url()) + return redirect(redirect_after_login_url())