Incorrect login redirect in some rare cases #4042

joemull · 2024-03-19T13:34:59Z

Problem

I was working on #3899 and realised that this function has a bug, though I don't think this code is ever run because we don't pass a string as login_redirect:

janeway/src/security/decorators.py

Lines 48 to 50 in 4218c13

    
           elif isinstance(login_redirect, str): 
        
               params = urlencode({"next": redirect}) 
        
               return redirect('{0}?{1}'.format(reverse('core_login'), params))

Line 49 should have login_redirect, probably?

To reproduce

In dev, set login_redirect to a string inside base_check.
Log out and try to access the manager page.
Inspect the URL.

Here's the pdb output:

> /home/joe/git/janepr/src/security/decorators.py(51)base_check()
-> params = urlencode({"next": redirect})
(Pdb) n
> /home/joe/git/janepr/src/security/decorators.py(52)base_check()
-> return redirect('{0}?{1}'.format(reverse('core_login'), params))
(Pdb) params
'next=%3Cfunction+redirect+at+0x7ff153f1b010%3E'

The text was updated successfully, but these errors were encountered:

joemull added the bug Something's not working label Mar 19, 2024

joemull self-assigned this Jun 20, 2024

joemull added t-shirt S Small medium labels Jun 20, 2024

joemull added a commit that referenced this issue Jul 10, 2024

Fix bug that garbled redirect query string #4042 #3899

ad1d073

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Incorrect login redirect in some rare cases #4042

Incorrect login redirect in some rare cases #4042

joemull commented Mar 19, 2024

Incorrect login redirect in some rare cases #4042

Incorrect login redirect in some rare cases #4042

Comments

joemull commented Mar 19, 2024

Problem

To reproduce