FIX: Correctly redirect after external login on subfolder sites (#10529)
This commit is contained in:
parent
996d5f3b17
commit
4351fa435e
|
@ -32,7 +32,7 @@ class Users::OmniauthCallbacksController < ApplicationController
|
|||
# Save to redis, with a secret token, then redirect to confirmation screen
|
||||
token = SecureRandom.hex
|
||||
Discourse.redis.setex "#{Users::AssociateAccountsController::REDIS_PREFIX}_#{current_user.id}_#{token}", 10.minutes, auth.to_json
|
||||
return redirect_to Discourse.base_uri("/associate/#{token}")
|
||||
return redirect_to "#{Discourse.base_uri}/associate/#{token}"
|
||||
else
|
||||
@auth_result = authenticator.after_authenticate(auth)
|
||||
DiscourseEvent.trigger(:after_auth, authenticator, @auth_result)
|
||||
|
@ -55,7 +55,7 @@ class Users::OmniauthCallbacksController < ApplicationController
|
|||
|
||||
if parsed && # Valid
|
||||
(parsed.host == nil || parsed.host == Discourse.current_hostname) && # Local
|
||||
!parsed.path.starts_with?(Discourse.base_uri("/auth/")) # Not /auth URL
|
||||
!parsed.path.starts_with?("#{Discourse.base_uri}/auth/") # Not /auth URL
|
||||
@origin = +"#{parsed.path}"
|
||||
@origin << "?#{parsed.query}" if parsed.query
|
||||
end
|
||||
|
|
|
@ -545,6 +545,19 @@ RSpec.describe Users::OmniauthCallbacksController do
|
|||
expect(cookie_data["destination_url"]).to eq('/t/123')
|
||||
end
|
||||
|
||||
it "redirects to internal origin on subfolder" do
|
||||
set_subfolder "/subpath"
|
||||
|
||||
post "/auth/google_oauth2?origin=http://test.localhost/subpath/t/123"
|
||||
get "/auth/google_oauth2/callback"
|
||||
|
||||
expect(response.status).to eq 302
|
||||
expect(response.location).to eq "http://test.localhost/subpath/t/123"
|
||||
|
||||
cookie_data = JSON.parse(response.cookies['authentication_data'])
|
||||
expect(cookie_data["destination_url"]).to eq('/subpath/t/123')
|
||||
end
|
||||
|
||||
it "never redirects to /auth/ origin" do
|
||||
post "/auth/google_oauth2?origin=http://test.localhost/auth/google_oauth2"
|
||||
get "/auth/google_oauth2/callback"
|
||||
|
@ -556,6 +569,19 @@ RSpec.describe Users::OmniauthCallbacksController do
|
|||
expect(cookie_data["destination_url"]).to eq('/')
|
||||
end
|
||||
|
||||
it "never redirects to /auth/ origin on subfolder" do
|
||||
set_subfolder "/subpath"
|
||||
|
||||
post "/auth/google_oauth2?origin=http://test.localhost/subpath/auth/google_oauth2"
|
||||
get "/auth/google_oauth2/callback"
|
||||
|
||||
expect(response.status).to eq 302
|
||||
expect(response.location).to eq "http://test.localhost/subpath"
|
||||
|
||||
cookie_data = JSON.parse(response.cookies['authentication_data'])
|
||||
expect(cookie_data["destination_url"]).to eq('/subpath')
|
||||
end
|
||||
|
||||
it "redirects to relative origin" do
|
||||
post "/auth/google_oauth2?origin=/t/123"
|
||||
get "/auth/google_oauth2/callback"
|
||||
|
|
Loading…
Reference in New Issue