utils: decode redirect target

inveniosoftware · Apr 15, 2020 · 59e6738 · 59e6738
1 parent aee0453
commit 59e6738
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/invenio_oauthclient/utils.py b/invenio_oauthclient/utils.py
@@ -158,9 +158,9 @@ def get_safe_redirect_target(arg='next'):
                 return target
             elif redirect_uri.path:
                 return uricompose(
-                    path=redirect_uri.path,
-                    query=redirect_uri.query,
-                    fragment=redirect_uri.fragment
+                    path=redirect_uri.getpath(),
+                    query=redirect_uri.getquery(),
+                    fragment=redirect_uri.getfragment()
                 )
     return None
 

diff --git a/tests/test_utils.py b/tests/test_utils.py
@@ -184,6 +184,9 @@ def test_registrationform_userprofile_disable_csrf(app_with_userprofiles_csrf,
      '/search?page=1&size=20'),
     ('https://localhost/search?page=1',
      'https://localhost/search?page=1'),
+    # previously encoded parameter
+    ('/oauth/authorize?redirect_uri=http%3A%2F%2F127.0.0.1%3A5100%2Fauthorize',
+     '/oauth/authorize?redirect_uri=http://127.0.0.1:5100/authorize'),
 ])
 def test_get_safe_redirect_target(app, test_input, expected):
     with app.test_request_context(