Fix absolute redirect
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
parent
b68680596d
commit
6c49dc2d1f
|
@ -260,7 +260,7 @@ class LoginController extends Controller {
|
||||||
|
|
||||||
private function generateRedirect(?string $redirectUrl): RedirectResponse {
|
private function generateRedirect(?string $redirectUrl): RedirectResponse {
|
||||||
if ($redirectUrl !== null && $this->userSession->isLoggedIn()) {
|
if ($redirectUrl !== null && $this->userSession->isLoggedIn()) {
|
||||||
$location = $this->urlGenerator->getAbsoluteURL(urldecode($redirectUrl));
|
$location = $this->urlGenerator->getAbsoluteURL($redirectUrl);
|
||||||
// Deny the redirect if the URL contains a @
|
// Deny the redirect if the URL contains a @
|
||||||
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
|
// This prevents unvalidated redirects like ?redirect_url=:user@domain.com
|
||||||
if (strpos($location, '@') === false) {
|
if (strpos($location, '@') === false) {
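Review bot: The `strpos($location, '@') === false` guard is the only validation of `$location` visible here, and with `urldecode()` removed it only ever sees a literal `@`, so a value that still carries percent-escapes is passed on unchanged. Whether that matters depends on how `getAbsoluteURL()` and the request layer normalise the parameter, which this hunk does not show. A sturdier check would parse the result, e.g. `$host = parse_url($location, PHP_URL_HOST);`, and compare it against the instance's own host before redirecting, rather than searching for one character. If the decode was dropped because the parameter already arrives decoded, say so above the `getAbsoluteURL` call: `// $redirectUrl is already URL-decoded by the request layer; do not decode it again`. The body of generateRedirect continues past the end of the hunk.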
|
||||||
|
|
|
@ -509,7 +509,7 @@ class LoginControllerTest extends TestCase {
|
||||||
->method('getUID')
|
->method('getUID')
|
||||||
->willReturn('jane');
|
->willReturn('jane');
|
||||||
$password = 'secret';
|
$password = 'secret';
|
||||||
$originalUrl = 'another%20url';
|
$originalUrl = 'another url';
|
||||||
$redirectUrl = 'http://localhost/another url';
|
$redirectUrl = 'http://localhost/another url';
|
||||||
|
|
||||||
$this->request
|
$this->request
|
||||||
|
@ -551,7 +551,7 @@ class LoginControllerTest extends TestCase {
|
||||||
$this->request,
|
$this->request,
|
||||||
$user,
|
$user,
|
||||||
$password,
|
$password,
|
||||||
'%2Fapps%2Fmail'
|
'/apps/mail'
|
||||||
);
|
);
|
||||||
$loginResult = LoginResult::success($loginData);
|
$loginResult = LoginResult::success($loginData);
|
||||||
$this->chain->expects($this->once())
|
$this->chain->expects($this->once())
|
||||||
|
@ -563,11 +563,11 @@ class LoginControllerTest extends TestCase {
|
||||||
->willReturn(true);
|
->willReturn(true);
|
||||||
$this->urlGenerator->expects($this->once())
|
$this->urlGenerator->expects($this->once())
|
||||||
->method('getAbsoluteURL')
|
->method('getAbsoluteURL')
|
||||||
->with(urldecode('/apps/mail'))
|
->with('/apps/mail')
|
||||||
->willReturn($redirectUrl);
|
->willReturn($redirectUrl);
|
||||||
$expected = new \OCP\AppFramework\Http\RedirectResponse($redirectUrl);
|
$expected = new \OCP\AppFramework\Http\RedirectResponse($redirectUrl);
|
||||||
|
|
||||||
$response = $this->loginController->tryLogin($user, $password, '%2Fapps%2Fmail');
|
$response = $this->loginController->tryLogin($user, $password, '/apps/mail');
|
||||||
|
|
||||||
$this->assertEquals($expected, $response);
|
$this->assertEquals($expected, $response);
|
||||||
}
|
}
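Review bot: The updated fixtures in these hunks only use already-decoded values (`'another url'`, `'/apps/mail'`), so nothing visible here pins the behaviour the fix is about. Consider a case that passes a value still containing percent-escapes to `tryLogin` and asserts that `getAbsoluteURL` receives it verbatim, e.g. `->with('%2Fapps%2Fmail')`. A second case where the generated location contains `@` and the response does not redirect to it would cover the deny branch; such tests may already exist outside the visible hunks. The test methods start outside these hunks.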
|
||||||
|
|