feat: Update to redirect to to on logout #113

Merged
merged 2 commits into from
Sep 7, 2023

RulaKhaled
Contributor

Purpose/Motivation

What is the feature? Why is this being done?
Currently when you log out from the API it returns you to / however that's still on the API URL creating some issues for the user. It would be best for us to redirect the user to the root route of the URL they just came from.

codecov/engineering-team#422

Links to relevant tickets

What does this PR do?

Include a brief description of the changes in this PR. Bullet points are your friend.

Notes to Reviewer

Anything to note to the team? Any tips on how to review, or where to start?

Legal Boilerplate

Look, I get it. The entity doing business as "Sentry" was incorporated in the State of Delaware in 2015 as Functional Software, Inc. In 2022 this entity acquired Codecov and as result Sentry is going to need some rights from me in order to utilize my contributions in this PR. So here's the deal: I retain all rights, title and interest in and to my contributions, and by keeping this boilerplate intact I confirm that Sentry can use, modify, copy, and redistribute my contributions, under Sentry's choice of terms.

@@ -4,7 +4,8 @@


def logout_view(request, **kwargs):
response = redirect("/")
redirect_url = request.GET.get("to", "/")
response = redirect(redirect_url)
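Review bot: `redirect_url = request.GET.get("to", "/")` is handed to `redirect(redirect_url)` with no validation, so the post-logout destination is whatever absolute URL the query string carries, which is the open redirect the CodeQL alert below reports. Check the value before redirecting, for example with Django's `url_has_allowed_host_and_scheme(redirect_url, allowed_hosts=...)` against the set of front-end hosts, and fall back to "/" when the check fails. A unit test that passes an off-site `to` value and expects "/" would pin the behaviour down.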

Check warning

Code scanning / CodeQL

URL redirection from remote source Medium

Untrusted URL redirection depends on a user-provided value.
Contributor

Not really sure any way around this other than whitelisting the set of valid URLs here. Risk seems minimal to me though.

Contributor Author

I think it's fine too, we're logging the user out / not returning any data from DB.
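
The allowlist check raised in the review thread above, as an added example that is not part of this PR or the project's code: a stdlib-only validator for the `to` parameter. The host names and the names `safe_redirect_target` and `logout_redirect_url` are assumptions; in a Django view, `django.utils.http.url_has_allowed_host_and_scheme` covers the same ground.

```python
from urllib.parse import urlsplit

# Assumption: hosts the web front end is served from (constructed values).
ALLOWED_REDIRECT_HOSTS = frozenset({"app.example.test", "staging.example.test"})


def safe_redirect_target(raw, allowed_hosts=ALLOWED_REDIRECT_HOSTS, default="/"):
    """Return raw when it is a rooted same-site path or an https URL on an
    allowlisted host; otherwise return default."""
    if not raw or raw != raw.strip():
        return default
    # Browsers read "\" as "/" and drop tabs/newlines inside URLs, so a value
    # containing either can parse differently here than in the browser.
    if "\\" in raw or any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in raw):
        return default
    try:
        parts = urlsplit(raw)
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 literal
        return default
    if not parts.scheme and not parts.netloc:
        # Relative reference: allow "/path" only. "///host" parses with an
        # empty netloc but browsers resolve it to another host.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return default
    # Absolute URL: https only, no userinfo, host must be on the allowlist.
    if parts.scheme == "https" and "@" not in parts.netloc \
            and parts.hostname in allowed_hosts:
        return raw
    return default


def logout_redirect_url(query_params):
    """What the logout view would redirect to for a dict of query parameters."""
    return safe_redirect_target(query_params.get("to"))
```

The check runs on the raw string before parsing because scheme-relative and backslash forms are where a server-side parser and a browser most often disagree about the destination host.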

codecov bot commented Sep 6, 2023

Codecov Report

Merging #113 (3e6d51c) into main (d326b41) will not change coverage.
Report is 1 commits behind head on main.
The diff coverage is 100.00%.

@@          Coverage Diff          @@
##            main    #113   +/-   ##
=====================================
  Coverage   95.29   95.29           
=====================================
  Files        701     701           
  Lines      14876   14877    +1     
=====================================
+ Hits       14175   14176    +1     
  Misses       701     701           
Flag Coverage Δ
unit ?
unit-latest-uploader ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed Coverage Δ
codecov_auth/views/logout.py 100.00% <100.00%> (ø)

codecov-staging bot commented Sep 6, 2023

Codecov Report

Patch coverage is 100.00% of modified lines.

Files Changed Coverage
codecov_auth/views/logout.py 100.00%


@RulaKhaled RulaKhaled merged commit 0e92464 into main Sep 7, 2023
11 of 12 checks passed
@RulaKhaled RulaKhaled deleted the update-to-redirect-on-url branch September 7, 2023 13:51
trent-codecov added a commit that referenced this pull request Sep 7, 2023
* ImportError: cannot import name should_write_data_to_storage_config_c… (#104)

* ImportError: cannot import name should_write_data_to_storage_config_check

* Update VERSION

* feat: Django command to enqueue commit backfill tasks (#102)

* feat: Django command to enqueue commit backfill tasks

* Fetch only commit id and commitid

* chore: Update Sentry config keys to be more consistent with other services (#103)

* Fix/config error enterprise (#107)

* Fix config error

* Fix config error

* Add RiskyAlterField to utils/migrations (#93)

* Add RiskyAlterField to utils/migrations

* Remove duplicate RiskyAddField class

Signed-off-by: joseph-sentry <joseph.sawaya@sentry.io>

* feat: support gh refresh tokens (#85)

Depends on codecov/shared#27


Adds support for github app refresh tokens

only include token refresh callback if token is from owner

* Make uses_invoice field on Owner(#92)

* Add uses_invoice field to Owner using RiskyAddField
* Set default to False for uses_invoice field on Owner
* Make uses_invoice field in Owner non-nullable
* Fix uses_invoice column migrations

Signed-off-by: joseph-sentry <joseph.sawaya@sentry.io>

* fix: Include impacted files with no coverage diff and no indirect changes in direct changes list (#114)

* Add 23.9.5 migration

* update to handle to redirects (#113)

* Adjust donwload_url link (#115)

* Add changes for monthly uploads to account for trialing customer (#101)

* Add changes for monthly uploads to account for trialing customer

* Adjust filtering logic when trialing

* Add 23.9.5 migration

---------

Signed-off-by: joseph-sentry <joseph.sawaya@sentry.io>
Co-authored-by: scott-codecov <scott@codecov.io>
Co-authored-by: joseph-sentry <136376984+joseph-sentry@users.noreply.github.com>
Co-authored-by: Giovanni M Guidini <99758426+giovanni-guidini@users.noreply.github.com>
Co-authored-by: Rula Abuhasna <91732700+RulaKhaled@users.noreply.github.com>
Co-authored-by: Adrian <adrian@codecov.io>
scott-codecov added a commit that referenced this pull request Sep 13, 2023
* main: (58 commits)
  Adding beginnings of GHA CI (#127)
  feat: Filter flags by flags for pathContents (#128)
  Create checkbox in Owner form in Django admin to set uses_invoice (#109)
  build(deps): bump certifi from 2020.6.20 to 2023.7.22 (#32)
  Feature/no compile (#126)
  Bump django from 4.2.2 to 4.2.3 (#42)
  Don't compile since source is available (#106)
  feat: Add firstPull resolver to GraphQL pull type (#108)
  chore: Upgrade requests and redis dependencies (#124)
  Update LICENSE (#122)
  Attempt migration (#121)
  359 adjust monthly uploads for trialled customers (#119)
  Add changes for monthly uploads to account for trialing customer (#101)
  Adjust donwload_url link (#115)
  update to handle to redirects (#113)
  fix: Include impacted files with no coverage diff and no indirect changes in direct changes list (#114)
  Make uses_invoice field on Owner(#92)
  feat: support gh refresh tokens (#85)
  Add RiskyAlterField to utils/migrations (#93)
  Fix/config error enterprise (#107)
  ...