Development #42822

traceback on reverse() for a URL passed in next=

Added by Frédéric Péters about 2 months ago. Updated about 1 month ago.

Status: Solution deployed
Priority: Normal
Target version: -
Start date: 13 May 2020
Due date:
% Done: 0%
Off-contract: No
Patch proposed: Yes
Planning: No

Description

File "/usr/lib/python2.7/dist-packages/authentic2_auth_fc/views.py" in dispatch
  267.                 return self.redirect(request)

File "/usr/lib/python2.7/dist-packages/authentic2_auth_fc/views.py" in redirect
  201.             return self.simple_redirect(request, next_url, *args, **kwargs)

File "/usr/lib/python2.7/dist-packages/authentic2_auth_fc/views.py" in simple_redirect
  191.         return a2_utils.redirect(request, next_url, *args, **kwargs)

File "/usr/lib/python2.7/dist-packages/authentic2/utils/__init__.py" in redirect
  354.                    include=include, exclude=exclude, fragment=fragment, resolve=resolve)

File "/usr/lib/python2.7/dist-packages/authentic2/utils/__init__.py" in make_url
  295.         url = resolve_url(to, *args, **kwargs)

File "/usr/lib/python2.7/dist-packages/django/shortcuts.py" in resolve_url
  147.         return reverse(to, args=args, kwargs=kwargs)

File "/usr/lib/python2.7/dist-packages/django/urls/base.py" in reverse
  91.     return force_text(iri_to_uri(resolver._reverse_with_prefix(view, prefix, *args, **kwargs)))

File "/usr/lib/python2.7/dist-packages/django/urls/resolvers.py" in _reverse_with_prefix
  497.         raise NoReverseMatch(msg)

Exception Type: NoReverseMatch at /fc/callback/
Exception Value: Reverse for 'JJJ72QQQ' not found. 'JJJ72QQQ' is not a valid view function or pattern name.

0001-auth_fc-do-not-resolve-next-url-42822.patch (1.51 KB) Benjamin Dauvergne, 15 May 2020 03:36 PM

0001-auth_fc-do-not-resolve-next-url-42822.patch (1.53 KB) Benjamin Dauvergne, 15 May 2020 05:21 PM

Associated revisions

Revision eb83cad1 (diff)
Added by Benjamin Dauvergne about 2 months ago

auth_fc: do not resolve next url (#42822)

History

#1 Updated by Benjamin Dauvergne about 2 months ago

  • Assignee set to Benjamin Dauvergne

#2 Updated by Benjamin Dauvergne about 2 months ago

#3 Updated by Nicolas Roche about 2 months ago

The patch does not apply for me:

$ pwd
/home/nroche/src/authentic

$ git am ~/Téléchargements/0001-auth_fc-do-not-resolve-next-url-42822.patch
Application de  auth_fc: do not resolve next url (#42822)
error: authentic2_auth_fc/views.py : n'existe pas dans l'index
error: auth_fc/test_auth_fc.py : n'existe pas dans l'index
le patch a échoué à 0001 auth_fc: do not resolve next url (#42822)

#4 Updated by Benjamin Dauvergne about 2 months ago

I'd say you have a problem then, because the patch was made against master.

#5 Updated by Thomas Noël about 2 months ago

Benjamin Dauvergne wrote:

I'd say you have a problem then, because the patch was made against master.

Check your tool, Benj, the patch is indeed inapplicable. It is missing the a/ and b/, as usual...

thomas@zepo:~/.../src/authentic [master|✔]$ git pull -r
Already up to date.
Current branch master is up to date.

thomas@zepo:~/.../src/authentic [master|✔]$ git am /tmp/0001-auth_fc-do-not-resolve-next-url-42822.patch
Applying: auth_fc: do not resolve next url (#42822)
error: authentic2_auth_fc/views.py: does not exist in index
error: auth_fc/test_auth_fc.py: does not exist in index
Patch failed at 0001 auth_fc: do not resolve next url (#42822)

#6 Updated by Benjamin Dauvergne about 2 months ago

Thomas Noël wrote:

Check your tool, Benj, the patch is indeed inapplicable. It is missing the a/ and b/, as usual...

As usual? This is the first time anyone has pointed it out to me.

#8 Updated by Nicolas Roche about 2 months ago

  • Status changed from Solution proposed to Solution validated

(The fix is targeted and only affects the fc-login-or-link callback URL.)

#9 Updated by Benjamin Dauvergne about 2 months ago

Nicolas Roche wrote:

(The fix is targeted and only affects the fc-login-or-link callback URL.)

We could go through the other redirects, or even make resolve=False the default. Since this is not a security vulnerability, I won't go any further.
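Why the traceback in the description occurs and what resolve=False changes, as an added example that is not part of the ticket and is neither authentic2's nor Django's code: a stdlib-only model of how django.shortcuts.resolve_url treats a string. The route table, the body of make_url and handle_callback are assumptions made for illustration.

```python
# Added example: a model of the behaviour, not Django's or authentic2's code.
URL_NAMES = {"auth_login": "/login/"}  # constructed route table (assumption)


class NoReverseMatch(Exception):
    """Stand-in for django.urls.NoReverseMatch."""


def reverse(name):
    """Look up a route name; unknown names raise, as in the traceback."""
    try:
        return URL_NAMES[name]
    except KeyError:
        raise NoReverseMatch("Reverse for %r not found." % name)


def resolve_url(to):
    """Model of the decision resolve_url makes for a string argument."""
    if to.startswith(("./", "../")):
        return to              # relative URL: returned as is
    try:
        return reverse(to)     # first attempt: treat the string as a view name
    except NoReverseMatch:
        if "/" not in to and "." not in to:
            raise              # does not look like a URL: the error propagates
        return to              # looks like a URL: returned unchanged


def make_url(to, resolve=True):
    """Hypothetical helper: resolve=False keeps `to` as an opaque URL."""
    return resolve_url(to) if resolve else to


def handle_callback(next_url, resolve):
    """Return (status, location) as a client of the callback would see it."""
    try:
        return 302, make_url(next_url, resolve=resolve)
    except NoReverseMatch:
        return 500, None       # unhandled exception: server error page
```

With resolve=True a request-supplied next value is also interpreted as a route name ("auth_login" becomes "/login/"); with resolve=False it is only ever used as a URL.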

#10 Updated by Benjamin Dauvergne about 2 months ago

  • Status changed from Solution validated to Resolved (to be deployed)
commit eb83cad1f521301e30bbc72350d4a738ae5a5250
Author: Benjamin Dauvergne <bdauvergne@entrouvert.com>
Date:   Fri May 15 15:35:48 2020 +0200

    auth_fc: do not resolve next url (#42822)

#11 Updated by Thomas Noël about 2 months ago

Benjamin Dauvergne wrote:

Thomas Noël wrote:

Check your tool, Benj, the patch is indeed inapplicable. It is missing the a/ and b/, as usual...

As usual? This is the first time anyone has pointed it out to me.

Oops, I should have written: "as git format-patch usually does"

#12 Updated by Frédéric Péters about 1 month ago

  • Status changed from Resolved (to be deployed) to Solution deployed
