From 85eb15ba5ba4718f1f76b1af2b81682dae01c221 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Mat=C3=ADas=20Aguirre?= Date: Mon, 11 Jul 2011 11:47:39 -0300 Subject: [PATCH] Fix association redirect URL bug --- social_auth/views.py | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/social_auth/views.py b/social_auth/views.py index f654078..b66d3c0 100644 --- a/social_auth/views.py +++ b/social_auth/views.py @@ -94,9 +94,9 @@ def associate_complete(request, backend): return HttpResponseServerError('Incorrect authentication service') backend.auth_complete(user=request.user) - url = request.session.pop(REDIRECT_FIELD_NAME, '') or \ - NEW_ASSOCIATION_REDIRECT or \ - DEFAULT_REDIRECT + url = request.session.pop(REDIRECT_FIELD_NAME, '') or DEFAULT_REDIRECT + if NEW_ASSOCIATION_REDIRECT: + url = NEW_ASSOCIATION_REDIRECT return HttpResponseRedirect(url) @@ -120,10 +120,16 @@ def auth_process(request, backend, complete_url_name): backend = get_backend(backend, request, redirect) if not backend: return HttpResponseServerError('Incorrect authentication service') - # Check and sanitize a user-defined GET/POST redirect_to field value. - redirect = sanitize_redirect(request.get_host(), - request.REQUEST.get(REDIRECT_FIELD_NAME)) - request.session[REDIRECT_FIELD_NAME] = redirect or DEFAULT_REDIRECT + + # Save any defined redirect_to value into session + if REDIRECT_FIELD_NAME in request.REQUEST: + data = request.POST if request.method == 'POST' else request.GET + if REDIRECT_FIELD_NAME in data: + # Check and sanitize a user-defined GET/POST redirect_to field value. + redirect = sanitize_redirect(request.get_host(), + data[REDIRECT_FIELD_NAME]) + request.session[REDIRECT_FIELD_NAME] = redirect or DEFAULT_REDIRECT + if backend.uses_redirect: return HttpResponseRedirect(backend.auth_url()) else: -- 2.39.5