apache · vincbeck · Jan 17, 2024 · Jan 17, 2024
@@ -116,7 +116,7 @@ def wraps(self, *args, **kwargs):
         else:
             log.warning(LOGMSG_ERR_SEC_ACCESS_DENIED, permission_str, self.__class__.__name__)
             flash(as_unicode(FLAMSG_ERR_SEC_ACCESS_DENIED), "danger")
-        return redirect(get_auth_manager().get_url_login(next=request.url))
+        return redirect(get_auth_manager().get_url_login(next_url=request.url))
 
     f._permission_name = permission_str
     return functools.update_wrapper(wraps, f)
@@ -173,7 +173,7 @@ def _has_access(*, is_authorized: bool, func: Callable, args, kwargs):
             403,
         )
     elif not get_auth_manager().is_logged_in():
-        return redirect(get_auth_manager().get_url_login(next=request.url))
+        return redirect(get_auth_manager().get_url_login(next_url=request.url))
     else:
         access_denied = get_access_denied_message()
         flash(access_denied, "danger")

diff --git a/tests/www/views/test_anonymous_as_admin_role.py b/tests/www/views/test_anonymous_as_admin_role.py
@@ -17,6 +17,8 @@
 # under the License.
 from __future__ import annotations
 
+from urllib.parse import quote_plus
+
 import pytest
 
 from airflow.models import Pool
@@ -54,7 +56,7 @@ def test_delete_pool_anonymous_user_no_role(anonymous_client, pool_factory):
     pool = pool_factory()
     resp = anonymous_client.post(f"pool/delete/{pool.id}")
     assert 302 == resp.status_code
-    assert "/login/" == resp.headers["Location"]
+    assert f"/login/?next={quote_plus(f'http://localhost/pool/delete/{pool.id}')}" == resp.headers["Location"]
 
 
 def test_delete_pool_anonymous_user_as_admin(anonymous_client_as_admin, pool_factory):