From 0e9c1c2740bfe895c92356128b8ac7efd2afb1a6 Mon Sep 17 00:00:00 2001
From: Josue Kouka <jkouka@entrouvert.com>
Date: Tue, 10 Oct 2017 17:35:40 +0200
Subject: [PATCH] allow redirection after sso (#19350)

---
 .../mandaye/templates/mandaye/post-login.html      |  2 +-
 mandayejs/mandaye/views.py                         |  8 ++++++--
 tests/test_mandayejs.py                            | 24 ++++++++++++++++++++++
 3 files changed, 31 insertions(+), 3 deletions(-)

diff --git a/mandayejs/mandaye/templates/mandaye/post-login.html b/mandayejs/mandaye/templates/mandaye/post-login.html
index 81dfeaa..fdf0fd5 100644
--- a/mandayejs/mandaye/templates/mandaye/post-login.html
+++ b/mandayejs/mandaye/templates/mandaye/post-login.html
@@ -6,7 +6,7 @@
 <body>
 	Please wait...
  <br/>
- <iframe id="post-login-frame" src="{% url 'post-login-do' %}" style="display: none;">
+ <iframe id="post-login-frame" src="{% url 'post-login-do' %}?next={{ next_url }}" style="display: none;">
  </iframe>
 </body>
 </html>
diff --git a/mandayejs/mandaye/views.py b/mandayejs/mandaye/views.py
index 34a1615..eac839a 100644
--- a/mandayejs/mandaye/views.py
+++ b/mandayejs/mandaye/views.py
@@ -95,8 +95,10 @@ def post_login(request, *args, **kwargs):
         logger.debug(credentials)
     except (UserCredentials.DoesNotExist,):
         return HttpResponseRedirect(resolve_url('associate'))
-
-    return render(request, 'mandaye/post-login.html', {})
+    next_url = ''
+    if request.GET.get('next', None):
+        next_url = request.GET['next']
+    return render(request, 'mandaye/post-login.html', {'next_url': next_url})
 
 
 @login_required
@@ -170,6 +172,8 @@ def post_login_do(request, *args, **kwargs):
         credentials.save()
         url = result.get('url', '/')
 
+    if request.GET.get('next'):
+        url = request.GET['next']
     template = Template('<script type="text/javascript">\
                 window.top.location = "{{url}}";</script>')
     context = RequestContext(request, {'url': url})
diff --git a/tests/test_mandayejs.py b/tests/test_mandayejs.py
index c464340..a999fa1 100644
--- a/tests/test_mandayejs.py
+++ b/tests/test_mandayejs.py
@@ -370,3 +370,27 @@ def test_enclosed_response(mocked_popen):
     mocked_popen.return_value = MockedPopen(expected_output=('<mandayejs></mandayejs>', None))
     result = exec_phantom(LOGIN_INFO)
     assert result['result'] == 'json_error'
+
+
+@mock.patch('mandayejs.mandaye.utils.subprocess.Popen')
+@mock.patch('mandayejs.applications.Test.SITE_LOCATORS', MOCKED_SITE_LOCATORS)
+def test_post_login_do_with_next_url(mocked_popen, user_john):
+    expected_output = {
+        "result": "redirect",
+        "reason": "password change required",
+        "url": "http://mydomain.com/update_password.aspx"
+    }
+    expected_output = '<mandayejs>%s</mandayejs>' % json.dumps(expected_output)
+    mocked_popen.return_value = MockedPopen(expected_output=(expected_output, None))
+
+    UserCredentials.objects.create(user=user_john,
+                                   locators={
+                                       'login': 'johnny', 'password': 'jumper',
+                                       'birth_date': '1995-06-11'})
+
+    request = RequestFactory()
+    url = '%s?next=http://example.net/' % reverse('post-login-do')
+    request = request.get(url)
+    request.user = user_john
+    response = post_login_do(request)
+    assert 'window.top.location = "http://example.net/"' in response.content
-- 
2.11.0