Discource-C
/
discourse
mirror of https://github.com/discourse/discourse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

FIX: Redirect to provided origin after auth (#12558) 

It used to redirect to the destination_url cookie which sometimes is set
incorrectly.
This commit is contained in:
Dan Ungureanu 2021-03-31 12:23:12 +03:00 committed by GitHub
parent c847f5e8a1
commit dce48d8aa7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/controllers/users/omniauth_callbacks_controller.rb
View File

@ -40,7 +40,10 @@ class Users::OmniauthCallbacksController < ApplicationController
preferred_origin = request.env['omniauth.origin']
if SiteSetting.enable_discourse_connect_provider && payload = cookies.delete(:sso_payload)
if session[:destination_url].present?
preferred_origin = session[:destination_url]
session.delete(:destination_url)
elsif SiteSetting.enable_discourse_connect_provider && payload = cookies.delete(:sso_payload)
preferred_origin = session_sso_provider_url + "?" + payload
elsif cookies[:destination_url].present?
preferred_origin = cookies[:destination_url]

3
lib/middleware/omniauth_bypass_middleware.rb
View File

@ -34,6 +34,9 @@ class Middleware::OmniauthBypassMiddleware
# If the user is trying to reconnect to an existing account, store in session
request.session[:auth_reconnect] = !!request.params["reconnect"]
# If the client provided an origin, store in session to redirect back
request.session[:destination_url] = request.params["origin"]
end
end

10
spec/requests/omniauth_callbacks_controller_spec.rb
View File

@ -766,6 +766,16 @@ RSpec.describe Users::OmniauthCallbacksController do
expect(UserAssociatedAccount.count).to eq(1) # Reconnect has not yet happened
end
it 'stores and redirects to \'origin\' parameter' do
# Log in normally
post "/auth/google_oauth2?origin=http://test.localhost/atesturl"
expect(response.status).to eq(302)
expect(session[:destination_url]).to eq("http://test.localhost/atesturl")
get "/auth/google_oauth2/callback.json"
expect(response.status).to eq(302)
expect(response.redirect_url).to eq("http://test.localhost/atesturl")
end
end
context 'after changing email' do