janeway icon indicating copy to clipboard operation
janeway copied to clipboard

Published 20 hours ago verified publisher icon BirkbeckCTP

Incorrect login redirect in some rare cases

Open joemull opened this issue 3 months ago • 0 comments

Problem

I was working on #3899 and realised that this function has a bug, though I don't think this code is ever run because we don't pass a string as login_redirect:

https://github.com/BirkbeckCTP/janeway/blob/4218c13fc3b8b6d453b8fc5b4e946f0ea2362c69/src/security/decorators.py#L48-L50

Line 49 should have login_redirect, probably?

To reproduce

  1. In dev, set login_redirect to a string inside base_check.
  2. Log out and try to access the manager page.
  3. Inspect the URL.

Here's the pdb output:

> /home/joe/git/janepr/src/security/decorators.py(51)base_check()
-> params = urlencode({"next": redirect})
(Pdb) n
> /home/joe/git/janepr/src/security/decorators.py(52)base_check()
-> return redirect('{0}?{1}'.format(reverse('core_login'), params))
(Pdb) params
'next=%3Cfunction+redirect+at+0x7ff153f1b010%3E'

joemull avatar Mar 19 '24 13:03 joemull