github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-23 13:31:18 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

FIX: Do not redirect to /auth/* urls after authentication

Browse Source 
When using the login confirmation screen, the referrer URL is `/auth/{provider}`. That means that the user is redirected back to the confirmation screen after logging in, even though login was successful. This is very confusing. Instead, they should be redirected to the homepage.
This commit is contained in:
David Taylor
2020-01-08 17:06:03 +00:00
parent e616b92511
commit 5eda44f8f2
2 changed files with 14 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
spec/requests/omniauth_callbacks_controller_spec.rb
View File

@ -459,6 +459,17 @@ RSpec.describe Users::OmniauthCallbacksController do
expect(cookie_data["destination_url"]).to eq('/t/123')
end
it "never redirects to /auth/ origin" do
post "/auth/google_oauth2?origin=http://test.localhost/auth/google_oauth2"
get "/auth/google_oauth2/callback"
expect(response.status).to eq 302
expect(response.location).to eq "http://test.localhost/"
cookie_data = JSON.parse(response.cookies['authentication_data'])
expect(cookie_data["destination_url"]).to eq('/')
end
it "redirects to relative origin" do
post "/auth/google_oauth2?origin=/t/123"
get "/auth/google_oauth2/callback"