From 163b8873cccbabeaa35d92375498a52423a39216 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 26 Jan 2022 10:25:48 +0100
Subject: [PATCH 2/3] misc: allow signed token to login view (#28853)
It prevents messing with the login view from unauthorized parties.
---
 src/authentic2/utils/misc.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/authentic2/utils/misc.py b/src/authentic2/utils/misc.py
index 5bad9507..f8402ff9 100644
--- a/src/authentic2/utils/misc.py
+++ b/src/authentic2/utils/misc.py
@@ -477,7 +477,7 @@ def login(request, user, how, nonce=None, record=True, **kwargs):
 return continue_to_next_url(request, **kwargs)
-def login_require(request, next_url=None, login_url='auth_login', login_hint=(), **kwargs):
+def login_require(request, next_url=None, login_url='auth_login', login_hint=(), token=None, **kwargs):
 '''Require a login and come back to current URL'''
 next_url = next_url or request.get_full_path()
@@ -488,6 +488,8 @@ def login_require(request, next_url=None, login_url='auth_login', login_hint=(),
 elif 'login-hint' in request.session:
 # clear previous login-hint if present
 del request.session['login-hint']
+ if token:
+ params['token'] = crypto.dumps(token)
 return redirect(request, login_url, **kwargs)
-- 
2.34.1
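Review bot: In the first hunk, the docstring of `login_require` still reads `'''Require a login and come back to current URL'''` and does not mention the new `token` parameter. I would add a line such as `token: optional payload, serialized with crypto.dumps() and passed to the login view as the 'token' query parameter`, so callers know what to pass and that it ends up in the URL. The function body continues past this hunk into the next one.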
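Review bot: In the second hunk, `params['token'] = crypto.dumps(token)` puts the token into the login URL's query string, so it will appear in access logs, browser history and Referer headers. If `crypto.dumps` only signs, as the commit title suggests, the payload is readable, and nothing visible here bounds its lifetime. I would add a comment above the assignment, `# token is signed, not encrypted: keep secrets out of it; the login view must verify signature and age`, and confirm that the consuming view rejects stale or tampered tokens. The `if token:` test also drops falsy payloads such as `{}` silently, so `if token is not None:` would match the `token=None` default more closely. `params` is defined outside the hunk, so I am assuming it is the query-parameter dict that `redirect` receives through `kwargs`.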