Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-02-26 16:41:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #9348 incorrect redirect via connect-ensure-login

Browse Source
This commit is contained in:
Julian Lam
2021-03-04 10:16:16 -05:00
parent b2c1b4ac45
commit fbe9215b17
1 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/controllers/index.js
View File

@@ -97,7 +97,6 @@ Controllers.login = async function (req, res) {
const loginStrategies = require('../routes/authentication').getLoginStrategies(); const loginStrategies = require('../routes/authentication').getLoginStrategies();
const registrationType = meta.config.registrationType || 'normal'; const registrationType = meta.config.registrationType || 'normal';
const allowLoginWith = (meta.config.allowLoginWith || 'username-email'); const allowLoginWith = (meta.config.allowLoginWith || 'username-email');
const returnTo = (req.headers['x-return-to'] || '').replace(nconf.get('base_url') + nconf.get('relative_path'), '');
let errorText; let errorText;
if (req.query.error === 'csrf-invalid') { if (req.query.error === 'csrf-invalid') {
@@ -106,10 +105,13 @@ Controllers.login = async function (req, res) {
errorText = validator.escape(String(req.query.error)); errorText = validator.escape(String(req.query.error));
} }
if (returnTo) { if (req.headers['x-return-to']) {
req.session.returnTo = returnTo; req.session.returnTo = req.headers['x-return-to'];
} }
// Occasionally, x-return-to is passed a full url. Also, connect-ensure-login passes the relative path. Strip both.
req.session.returnTo = req.session.returnTo.replace(nconf.get('base_url'), '').replace(nconf.get('relative_path'), '');
data.alternate_logins = loginStrategies.length > 0; data.alternate_logins = loginStrategies.length > 0;
data.authentication = loginStrategies; data.authentication = loginStrategies;
data.allowRegistration = registrationType === 'normal'; data.allowRegistration = registrationType === 'normal';