From dcb4b40b39152d1c9e865f6c87e35d4e40403a34 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Sat, 3 Oct 2020 07:22:08 +0200
Subject: [PATCH] misc: add registration redirect URL to whitelist (#47302)

---
 src/authentic2/utils/__init__.py | 6 ++++++
 src/authentic2_auth_fc/views.py | 5 ++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/authentic2/utils/__init__.py b/src/authentic2/utils/__init__.py
index 56052c2ca..a7d17944f 100644
--- a/src/authentic2/utils/__init__.py
+++ b/src/authentic2/utils/__init__.py
@@ -921,6 +921,12 @@ def good_next_url(request, next_url):
 for origin in app_settings.A2_REDIRECT_WHITELIST:
 if same_origin(next_url, origin):
 return True
+ if app_settings.A2_REGISTRATION_REDIRECT:
+ origin = app_settings.A2_REGISTRATION_REDIRECT
+ if isinstance(origin, (tuple, list)):
+ origin = origin[0]
+ if same_origin(next_url, origin):
+ return True
 result = hooks.call_hooks_first_result('good_next_url', next_url)
 if result is not None:
 return result
diff --git a/src/authentic2_auth_fc/views.py b/src/authentic2_auth_fc/views.py
index 2dd18e408..46eb156a0 100644
--- a/src/authentic2_auth_fc/views.py
+++ b/src/authentic2_auth_fc/views.py
@@ -579,7 +579,10 @@ class UnlinkView(LoggerMixin, FormView):
 hooks.call_hooks('event', name='fc-unlink', user=self.request.user)
 messages.info(self.request, _('The link with the FranceConnect account has been deleted.'))
 links.delete()
- return super(UnlinkView, self).form_valid(form)
+ response = super(UnlinkView, self).form_valid(form)
+ if app_settings.logout_when_unlink:
+ response.display_message = False
+ return response

 def get_context_data(self, **kwargs):
 context = super(UnlinkView, self).get_context_data(**kwargs)
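Review bot: The added branch in good_next_url accepts any next_url that shares an origin with A2_REGISTRATION_REDIRECT, so the setting now works as a redirect allowlist entry for the whole host rather than for the one configured URL, and nothing on the new lines says so. I would put a comment above the `if`, for example `# the registration redirect target is trusted as an origin; the setting is a URL or a sequence whose first item is the URL`. How same_origin treats a relative or scheme-less value is not visible in this hunk and is worth confirming, since such a value would now be compared against every candidate next_url. The diffstat lists no test file, so a test covering both the string and the tuple form of the setting would pin the new behaviour. good_next_url starts and ends outside the hunk.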
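Review bot: `response.display_message = False` sets an ad-hoc attribute on the response returned by form_valid, with no comment naming the component that reads it or explaining why it must be switched off when logout_when_unlink is set. A one-line comment above the `if` would make the intent reviewable, for example `# a logout follows this redirect: do not let the message-display layer handle this response`; that wording is my reading of the change and needs the author's confirmation. The hunk also appears unrelated to the commit subject about the registration redirect whitelist, so the description should mention it or the change should go in its own commit. form_valid starts outside the hunk.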