mirror of
https://github.com/volatiletech/authboss.git
synced 2025-02-03 13:21:22 +02:00
Add redir override. All redirects now occur through render.Redirect
parent
c956141007
commit
db1eb3a9a8
@ -70,7 +70,8 @@ func (a *Auth) loginHandlerFunc(ctx *authboss.Context, w http.ResponseWriter, r
|
||||
case methodGET:
|
||||
if _, ok := ctx.SessionStorer.Get(authboss.SessionKey); ok {
|
||||
if halfAuthed, ok := ctx.SessionStorer.Get(authboss.SessionHalfAuthKey); !ok || halfAuthed == "false" {
|
||||
http.Redirect(w, r, authboss.Cfg.AuthLoginOKPath, http.StatusFound)
|
||||
//http.Redirect(w, r, authboss.Cfg.AuthLoginOKPath, http.StatusFound, true)
|
||||
render.Redirect(ctx, w, r, authboss.Cfg.AuthLoginOKPath, "", "", true)
|
||||
return nil
|
||||
}
|
||||
}
|
||||
@ -114,7 +115,7 @@ func (a *Auth) loginHandlerFunc(ctx *authboss.Context, w http.ResponseWriter, r
|
||||
case authboss.InterruptAccountNotConfirmed:
|
||||
reason = "Your account has not been confirmed."
|
||||
}
|
||||
render.Redirect(ctx, w, r, authboss.Cfg.AuthLoginFailPath, "", reason)
|
||||
render.Redirect(ctx, w, r, authboss.Cfg.AuthLoginFailPath, "", reason, false)
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -124,7 +125,7 @@ func (a *Auth) loginHandlerFunc(ctx *authboss.Context, w http.ResponseWriter, r
|
||||
if err := authboss.Cfg.Callbacks.FireAfter(authboss.EventAuth, ctx); err != nil {
|
||||
return err
|
||||
}
|
||||
http.Redirect(w, r, authboss.Cfg.AuthLoginOKPath, http.StatusFound)
|
||||
render.Redirect(ctx, w, r, authboss.Cfg.AuthLoginOKPath, "", "", true)
|
||||
default:
|
||||
w.WriteHeader(http.StatusMethodNotAllowed)
|
||||
}
|
||||
@ -156,7 +157,7 @@ func (a *Auth) logoutHandlerFunc(ctx *authboss.Context, w http.ResponseWriter, r
|
||||
ctx.CookieStorer.Del(authboss.CookieRemember)
|
||||
ctx.SessionStorer.Del(authboss.SessionLastAction)
|
||||
|
||||
http.Redirect(w, r, authboss.Cfg.AuthLogoutOKPath, http.StatusFound)
|
||||
render.Redirect(ctx, w, r, authboss.Cfg.AuthLogoutOKPath, "", "", true)
|
||||
default:
|
||||
w.WriteHeader(http.StatusMethodNotAllowed)
|
||||
}
|
||||
|
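Review bot: The commented-out line `//http.Redirect(w, r, authboss.Cfg.AuthLoginOKPath, http.StatusFound, true)` left in the already-logged-in GET branch should be deleted; it is dead code and does not even match the four-argument signature of `http.Redirect`. The same branch now passes `true`, so a signed-in user who follows a login link carrying `redir` is sent straight to that value without seeing the login page, which makes validation of `redir` inside render.Redirect a precondition for this call. loginHandlerFunc starts and ends outside these hunks.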
@ -188,7 +188,7 @@ func (c *Confirm) confirmHandler(ctx *authboss.Context, w http.ResponseWriter, r
|
||||
}
|
||||
|
||||
ctx.SessionStorer.Put(authboss.SessionKey, key)
|
||||
render.Redirect(ctx, w, r, authboss.Cfg.RegisterOKPath, "You have successfully confirmed your account.", "")
|
||||
render.Redirect(ctx, w, r, authboss.Cfg.RegisterOKPath, "You have successfully confirmed your account.", "", true)
|
||||
|
||||
return nil
|
||||
}
|
||||
|
@ -138,7 +138,11 @@ func RenderEmail(email authboss.Email, htmlTpls Templates, nameHTML string, text
|
||||
}
|
||||
|
||||
// Redirect sets any flash messages given and redirects the user.
|
||||
func Redirect(ctx *authboss.Context, w http.ResponseWriter, r *http.Request, path, flashSuccess, flashError string) {
|
||||
func Redirect(ctx *authboss.Context, w http.ResponseWriter, r *http.Request, path, flashSuccess, flashError string, overrideableRedir bool) {
|
||||
if redir := r.FormValue("redir"); redir != "" && overrideableRedir {
|
||||
path = redir
|
||||
}
|
||||
|
||||
if len(flashSuccess) > 0 {
|
||||
ctx.SessionStorer.Put(authboss.FlashSuccessKey, flashSuccess)
|
||||
}
|
||||
|
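Review bot: The new override in Redirect copies `r.FormValue("redir")` into `path` with no validation, so every caller that passes `true` will redirect to whatever the request supplies, including an absolute or scheme-relative URL on another host. FormValue reads both the query string and the POST body, and the callers in this commit that pass `true` are the post-login, logout, confirm, recover and register redirects. Accept the override only when it parses as a same-site reference (no scheme, no host, no `//` or backslash form) and otherwise keep the configured `path`; this needs `net/url` and `strings` in the file's imports. The doc comment should also say what `overrideableRedir` does, and Redirect's body continues past the end of this hunk.

```go
func Redirect(ctx *authboss.Context, w http.ResponseWriter, r *http.Request, path, flashSuccess, flashError string, overrideableRedir bool) {
	if redir := r.FormValue("redir"); redir != "" && overrideableRedir {
		// Only honour same-site targets: no scheme, no host, and no
		// "//" or backslash form that a browser may resolve to another host.
		u, err := url.Parse(redir)
		local := err == nil && u.Scheme == "" && u.Host == "" &&
			!strings.HasPrefix(redir, "//") && !strings.ContainsRune(redir, '\\')
		if local {
			path = redir
		}
	}
	// … unchanged: flash handling and the final redirect …
```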
@ -124,7 +124,7 @@ func TestRedirect(t *testing.T) {
|
||||
ctx, _ := authboss.ContextFromRequest(r)
|
||||
ctx.SessionStorer = cookies
|
||||
|
||||
Redirect(ctx, w, r, "/", "success", "failure")
|
||||
Redirect(ctx, w, r, "/", "success", "failure", false)
|
||||
|
||||
if w.Code != http.StatusFound {
|
||||
t.Error("Expected a redirect.")
|
||||
@ -141,3 +141,29 @@ func TestRedirect(t *testing.T) {
|
||||
t.Error("Flash failure msg wrong:", val)
|
||||
}
|
||||
}
|
||||
|
||||
func TestRedirect_Ovveride(t *testing.T) {
|
||||
cookies := mocks.NewMockClientStorer()
|
||||
|
||||
r, _ := http.NewRequest("GET", "http://localhost?redir=foo/bar", nil)
|
||||
w := httptest.NewRecorder()
|
||||
ctx, _ := authboss.ContextFromRequest(r)
|
||||
ctx.SessionStorer = cookies
|
||||
|
||||
Redirect(ctx, w, r, "/shouldNotGo", "success", "failure", true)
|
||||
|
||||
if w.Code != http.StatusFound {
|
||||
t.Error("Expected a redirect.")
|
||||
}
|
||||
|
||||
if w.Header().Get("Location") != "/foo/bar" {
|
||||
t.Error("Expected to be redirected to root.")
|
||||
}
|
||||
|
||||
if val, _ := cookies.Get(authboss.FlashSuccessKey); val != "success" {
|
||||
t.Error("Flash success msg wrong:", val)
|
||||
}
|
||||
if val, _ := cookies.Get(authboss.FlashErrorKey); val != "failure" {
|
||||
t.Error("Flash failure msg wrong:", val)
|
||||
}
|
||||
}
|
||||
|
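Review bot: TestRedirect_Ovveride covers only the accepted case, so nothing pins that `redir` is ignored when the last argument is `false`, or what Redirect does when `redir` names another host. Add a case that calls `Redirect(ctx, w, r, "/", "", "", false)` on a request carrying `redir` and asserts that `Location` is `/`, and one with an absolute-URL `redir` value. The test name is misspelled (`TestRedirect_Override`), and the failure message `"Expected to be redirected to root."` should read `"Expected to be redirected to /foo/bar."` to match the assertion.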
@ -14,6 +14,7 @@ import (
|
||||
|
||||
"golang.org/x/oauth2"
|
||||
"gopkg.in/authboss.v0"
|
||||
"gopkg.in/authboss.v0/internal/render"
|
||||
)
|
||||
|
||||
var (
|
||||
@ -218,7 +219,8 @@ func oauthCallback(ctx *authboss.Context, w http.ResponseWriter, r *http.Request
|
||||
redirect = fmt.Sprintf("%s?%s", redirect, query.Encode())
|
||||
}
|
||||
|
||||
http.Redirect(w, r, redirect, http.StatusFound)
|
||||
sf := fmt.Sprintf("Logged in successfully with %s.", strings.Title(provider))
|
||||
render.Redirect(ctx, w, r, redirect, sf, "", false)
|
||||
return nil
|
||||
}
|
||||
|
||||
@ -229,7 +231,7 @@ func logout(ctx *authboss.Context, w http.ResponseWriter, r *http.Request) error
|
||||
ctx.CookieStorer.Del(authboss.CookieRemember)
|
||||
ctx.SessionStorer.Del(authboss.SessionLastAction)
|
||||
|
||||
http.Redirect(w, r, authboss.Cfg.AuthLogoutOKPath, http.StatusFound)
|
||||
render.Redirect(ctx, w, r, authboss.Cfg.AuthLogoutOKPath, "You have logged out", "", true)
|
||||
default:
|
||||
w.WriteHeader(http.StatusMethodNotAllowed)
|
||||
}
|
||||
|
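Review bot: The two logout handlers now disagree: `logout` here flashes `"You have logged out"` while logoutHandlerFunc in the auth module passes `""`, so what the user sees depends on which module handled the request. Pick one behaviour and share it, for example a constant used at both call sites. In oauthCallback the `false` deserves a comment such as `// redirect was computed above; do not let ?redir= replace it`, since most other call sites in this commit pass `true`. Whether `strings` is already imported for `strings.Title` cannot be seen from the import hunk, which adds only `render`.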
@ -168,7 +168,7 @@ func (rec *Recover) startHandlerFunc(ctx *authboss.Context, w http.ResponseWrite
|
||||
goRecoverEmail(rec, email, encodedToken)
|
||||
|
||||
ctx.SessionStorer.Put(authboss.FlashSuccessKey, recoverInitiateSuccessFlash)
|
||||
http.Redirect(w, r, authboss.Cfg.RecoverOKPath, http.StatusFound)
|
||||
render.Redirect(ctx, w, r, authboss.Cfg.RecoverOKPath, "", "", true)
|
||||
default:
|
||||
w.WriteHeader(http.StatusMethodNotAllowed)
|
||||
}
|
||||
@ -266,7 +266,7 @@ func (r *Recover) completeHandlerFunc(ctx *authboss.Context, w http.ResponseWrit
|
||||
}
|
||||
|
||||
ctx.SessionStorer.Put(authboss.SessionKey, primaryID)
|
||||
http.Redirect(w, req, authboss.Cfg.AuthLoginOKPath, http.StatusFound)
|
||||
render.Redirect(ctx, w, req, authboss.Cfg.AuthLoginOKPath, "", "", true)
|
||||
default:
|
||||
w.WriteHeader(http.StatusMethodNotAllowed)
|
||||
}
|
||||
|
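Review bot: startHandlerFunc still writes the flash by hand with `ctx.SessionStorer.Put(authboss.FlashSuccessKey, recoverInitiateSuccessFlash)` and then passes an empty flash to render.Redirect, which performs that same Put itself when `flashSuccess` is non-empty. Passing the message through keeps flash handling in one place: use `render.Redirect(ctx, w, r, authboss.Cfg.RecoverOKPath, recoverInitiateSuccessFlash, "", true)` and drop the separate Put. Both handlers' bodies extend outside the hunks shown.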
@ -117,12 +117,12 @@ func (reg *Register) registerPostHandler(ctx *authboss.Context, w http.ResponseW
|
||||
}
|
||||
|
||||
if authboss.IsLoaded("confirm") {
|
||||
render.Redirect(ctx, w, r, authboss.Cfg.RegisterOKPath, "Account successfully created, please verify your e-mail address.", "")
|
||||
render.Redirect(ctx, w, r, authboss.Cfg.RegisterOKPath, "Account successfully created, please verify your e-mail address.", "", true)
|
||||
return nil
|
||||
}
|
||||
|
||||
ctx.SessionStorer.Put(authboss.SessionKey, key)
|
||||
render.Redirect(ctx, w, r, authboss.Cfg.RegisterOKPath, "Account successfully created, you are now logged in.", "")
|
||||
render.Redirect(ctx, w, r, authboss.Cfg.RegisterOKPath, "Account successfully created, you are now logged in.", "", true)
|
||||
|
||||
return nil
|
||||
}
|
||||
|