Projet

Général

Profil

0002-misc-allow-signed-token-to-login-view-28853.patch

Benjamin Dauvergne, 26 janvier 2022 16:01

Télécharger (1,4 ko)

Voir les différences: 

Subject: [PATCH 2/3] misc: allow signed token to login view (#28853)

It prevents messing with the login view from unauthorized parties.

 src/authentic2/utils/misc.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
src/authentic2/utils/misc.py
481 481 
    return continue_to_next_url(request, **kwargs)
482 482 

  		




  483
  483
  
    

  		




  484
  
  
    
def login_require(request, next_url=None, login_url='auth_login', service=None, login_hint=(), **kwargs):

  		




  
  484
  
    
def login_require(

  		




  
  485
  
    
    request, next_url=None, login_url='auth_login', service=None, login_hint=(), token=None, **kwargs

  		




  
  486
  
    
):

  		




  485
  487
  
    
    '''Require a login and come back to current URL'''

  		




  486
  488
  
    

  		




  487
  489
  
    
    next_url = next_url or request.get_full_path()

  		




  ......




  494
  496
  
    
    elif 'login-hint' in request.session:

  		




  495
  497
  
    
        # clear previous login-hint if present

  		




  496
  498
  
    
        del request.session['login-hint']

  		




  
  499
  
    
    if token:

  		




  
  500
  
    
        params['token'] = signing.dumps(token)

  		




  497
  501
  
    
    return redirect(request, login_url, **kwargs)

  		




  498
  502
  
    

  		




  499
  503
  
    

  		




  500
  
  
    
-