Skip to content

Commit 7c7dab7

Browse files
Ostap-ZherebetskyiOstap-Zherebetskyi
authored
Merge pull request #11580 from ihorsokhanexoft/fix/ENG-10238
[ENG-10238] Allow next_url to contain local url of Angular
2 parents 78eabe7 + d48f9ae commit 7c7dab7

File tree

3 files changed

+16
-0
lines changed

3 files changed

+16
-0
lines changed

framework/auth/views.py

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1207,6 +1207,10 @@ def validate_next_url(next_url):
12071207
:return: True if valid, False otherwise
12081208
"""
12091209

1210+
# allow redirection to angular locally
1211+
if settings.LOCAL_ANGULAR_URL in next_url and settings.DEBUG_MODE:
1212+
return True
1213+
12101214
# disable external domain using `//`: the browser allows `//` as a shortcut for non-protocol specific requests
12111215
# like http:// or https:// depending on the use of SSL on the page already.
12121216
if next_url.startswith('//'):

tests/test_auth_views.py

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -584,6 +584,17 @@ def test_next_url_login_with_auth(self):
584584
assert data.get('status_code') == http_status.HTTP_302_FOUND
585585
assert data.get('next_url') == self.next_url
586586

587+
def test_next_url_angular_login_with_auth(self):
588+
data = login_and_register_handler(self.auth, next_url=settings.LOCAL_ANGULAR_URL)
589+
assert data.get('status_code') == http_status.HTTP_302_FOUND
590+
assert data.get('next_url') == settings.LOCAL_ANGULAR_URL
591+
592+
def test_next_url_angular_login_without_auth(self):
593+
request.url = web_url_for('auth_login', next=settings.LOCAL_ANGULAR_URL, _absolute=True)
594+
data = login_and_register_handler(self.no_auth, next_url=settings.LOCAL_ANGULAR_URL)
595+
assert data.get('status_code') == http_status.HTTP_302_FOUND
596+
assert data.get('next_url') == cas.get_login_url(request.url)
597+
587598
def test_next_url_login_without_auth(self):
588599
# login: user without auth
589600
request.url = web_url_for('auth_login', next=self.next_url, _absolute=True)

website/settings/defaults.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -90,6 +90,7 @@ def parent_dir(path):
9090
INTERNAL_DOMAIN = DOMAIN
9191
API_DOMAIN = PROTOCOL + 'localhost:8000/'
9292
RESET_PASSWORD_URL = PROTOCOL + 'localhost:5000/resetpassword/' # TODO set angular reset password url
93+
LOCAL_ANGULAR_URL = 'localhost:4200'
9394

9495
PREPRINT_PROVIDER_DOMAINS = {
9596
'enabled': False,

0 commit comments

Comments
 (0)