Prevent redirection to another website on login

Affects issues:
- Fixed #1717
Risto Lahtela 2021-01-24 12:21:02 +02:00
parent c44d3d7a7e
commit bd754c4445
2 changed files with 5 additions and 4 deletions


@ -31,8 +31,8 @@ import java.util.Optional;
@Singleton
public class LoginPageResolver implements NoAuthResolver {
private ResponseFactory responseFactory;
private Lazy<WebServer> webServer;
private final ResponseFactory responseFactory;
private final Lazy<WebServer> webServer;
@Inject
public LoginPageResolver(
@ -47,7 +47,8 @@ public class LoginPageResolver implements NoAuthResolver {
public Optional<Response> resolve(Request request) {
Optional<WebUser> user = request.getUser();
if (user.isPresent() || !webServer.get().isAuthRequired()) {
Optional<String> from = request.getQuery().get("from");
Optional<String> from = request.getQuery().get("from")
.filter(redirectBackTo -> !redirectBackTo.startsWith("http"));
return Optional.of(responseFactory.redirectResponse(from.orElse("/")));
}
return Optional.of(responseFactory.loginPageResponse());
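Review bot: The added `.filter(redirectBackTo -> !redirectBackTo.startsWith("http"))` is a case-sensitive denylist on a single prefix, so a `from` value that the browser still resolves to another host or to a non-HTTP scheme is not rejected (scheme-relative targets and mixed-case schemes are the usual gaps). An allowlist of site-local paths is safer, e.g. `.filter(to -> to.startsWith("/") && !to.startsWith("//") && !to.startsWith("/\\"))`, assuming `from` is always an absolute path on this server, which the hunk does not show. The same prefix test is added to the `window.location.href` assignment in the login script hunk, where checking `new URL(cameFrom, window.location.origin).origin === window.location.origin` before navigating would close the same gap. A one-line comment on the filter saying that `from` is user-controlled and must stay same-origin would help later edits keep the check.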


@ -50,7 +50,7 @@
if (json && json.success) {
const urlParams = new URLSearchParams(window.location.search);
const cameFrom = urlParams.get('from');
window.location.href = cameFrom ? cameFrom : './';
window.location.href = cameFrom && !cameFrom.startsWith("http") ? cameFrom : './';
} else {
return displayError('Login failed: ' + json.error);
}