0001-general-don-t-use-session-for-after_url-persistence-.patch
| extra/modules/root.py | ||
|---|---|---|
| 666 | 666 |
ident_methods = get_cfg('identification', {}).get('methods', [])
|
| 667 | 667 | |
| 668 | 668 |
if get_request().form.get('ReturnUrl'):
|
| 669 |
get_session().after_url = get_request().form.get('ReturnUrl')
|
|
| 669 |
get_request().form['next'] = get_request().form.pop('ReturnUrl')
|
|
| 670 | 670 | |
| 671 | 671 |
if 'IsPassive' in get_request().form and 'idp' in ident_methods: |
| 672 | 672 |
# if isPassive is given in query parameters, we restrict ourselves |
| ... | ... | |
| 678 | 678 |
# possibility of SSO, if we got there as a consequence of an access |
| 679 | 679 |
# unauthorized url on admin/ or backoffice/, then idp auth method |
| 680 | 680 |
# is chosen forcefully. |
| 681 |
after_url = get_session().after_url
|
|
| 681 |
after_url = get_request().form.get('next')
|
|
| 682 | 682 |
if after_url: |
| 683 | 683 |
root_url = get_publisher().get_root_url() |
| 684 | 684 |
after_path = urlparse.urlparse(after_url)[2] |
| 685 |
- |
|