login: fix redirect traversal bugs
Two issues this fixes:

1. When using Traversal (which hasn't been committed yet), request.matched_route will be None which crashes if you access request.matched_route.name

2. It needed to look at the request method (being POST or GET), otherwise it always ended up redirecting to request.route_path("home").

This part should never have run if the request method was POST:

    >>> return_url = request.route_path("home")

Closes #28
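Added example, not code from the sambal project: the branch order the commit introduces, reproduced against a small stand-in for a Pyramid request, next to a hardened variant that refuses to redirect to a user-supplied `return_url` unless it is a local path. `FakeRequest`, `FakeRoute`, the hypothetical route table in `route_path`, and the helpers `return_url_after_fix`, `is_local_path` and `safe_return_url` are all assumptions made for this illustration; the real app's routes and traversal layout are not on the page.

```python
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit


@dataclass
class FakeRoute:
    name: str


@dataclass
class FakeRequest:
    """Constructed stand-in for a Pyramid request; only the attributes the view reads."""
    method: str
    path: str
    POST: dict = field(default_factory=dict)
    matched_route: Optional[FakeRoute] = None  # None when the view is reached via traversal

    def route_path(self, name: str) -> str:
        # Hypothetical route table; the real application's routes are not on the page.
        return {"home": "/", "login": "/login"}[name]


def return_url_after_fix(request: FakeRequest) -> str:
    """The branch order from the commit: POST first, then the matched-route check,
    then the plain path fallback (used when matched_route is None under traversal)."""
    if request.method == "POST":
        return request.POST.get("return_url", request.path)
    if request.matched_route and request.matched_route.name == "login":
        return request.route_path("home")
    return request.path


def is_local_path(url: str) -> bool:
    """Accept only same-site absolute paths such as "/account".
    Rejects absolute URLs ("https://evil.example"), scheme-relative URLs ("//evil.example"),
    backslash tricks ("/\\evil.example") and anything not starting with a single "/"."""
    parts = urlsplit(url)
    if parts.scheme or parts.netloc:
        return False
    if not url.startswith("/") or url.startswith("//") or url.startswith("/\\"):
        return False
    return True


def safe_return_url(request: FakeRequest) -> str:
    """Same branch logic, but a POSTed return_url that is not a local path is
    replaced by the home route instead of being handed to the redirect."""
    url = return_url_after_fix(request)
    if request.method == "POST" and not is_local_path(url):
        return request.route_path("home")
    return url


if __name__ == "__main__":
    # GET on the routed login page: go home rather than loop back to the login form.
    print(return_url_after_fix(FakeRequest("GET", "/login", matched_route=FakeRoute("login"))))
    # GET via traversal: matched_route is None and no longer crashes the view.
    print(return_url_after_fix(FakeRequest("GET", "/site/login")))
    # POST with an attacker-controlled return_url: the unhardened logic forwards it.
    evil = FakeRequest("POST", "/login", POST={"return_url": "//evil.example/"},
                       matched_route=FakeRoute("login"))
    print(return_url_after_fix(evil), safe_return_url(evil))
```

The value passed to the redirect on the POST branch comes straight from the form body, so whoever can get a victim to submit a login form (or follow a link that pre-fills it) chooses where the victim lands after a successful login; `safe_return_url` shows the check a reviewer would ask for before that value reaches `HTTPFound`.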
robvdl committed Mar 11, 2024
1 parent 06dc024 commit 49c4a1b
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions src/sambal/views/auth.py
Expand Up @@ -10,10 +10,13 @@
def login(request):
"""Login form."""
# Avoid looping the login page if accessed directly.
if request.matched_route.name == "login":
# Because the app also uses traversal request.matched_route can be None.
if request.method == "POST":
return_url = request.POST.get("return_url", request.path)
elif request.matched_route and request.matched_route.name == "login":
return_url = request.route_path("home")
else:
return_url = request.POST.get("return_url", request.path)
return_url = request.path

if request.method == "POST":
if (form := LoginForm(request.POST)) and form.validate():
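Review bot: the new POST branch, `return_url = request.POST.get("return_url", request.path)`, takes a value straight from the form body and (per the view's purpose) uses it as the post-login redirect target without checking that it is a path on this site, so a crafted link or form that pre-fills `return_url` turns the login view into an open redirect; before using it, reject anything with a scheme or host and anything starting with `//`, accept only a path beginning with a single `/`, and fall back to `request.route_path("home")` otherwise. Secondary point: because the POST check now runs before `request.matched_route.name == "login"`, a POST to the login route with no `return_url` field falls back to `request.path`, which is the login URL itself, so the "Avoid looping the login page" comment is not honoured for that case; apply the login-route check to the POST fallback as well.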

0 comments on commit 49c4a1b