Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page when LOGOUT_REDIRECT_URL is set.
This commit is contained in:
parent
fe7cb34544
commit
5591a72571
|
@ -175,6 +175,9 @@ class LogoutView(SuccessURLAllowedHostsMixin, TemplateView):
|
||||||
# Security check -- Ensure the user-originating redirection URL is
|
# Security check -- Ensure the user-originating redirection URL is
|
||||||
# safe.
|
# safe.
|
||||||
if not url_is_safe:
|
if not url_is_safe:
|
||||||
|
if settings.LOGOUT_REDIRECT_URL:
|
||||||
|
next_page = resolve_url(settings.LOGOUT_REDIRECT_URL)
|
||||||
|
else:
|
||||||
next_page = self.request.path
|
next_page = self.request.path
|
||||||
return next_page
|
return next_page
|
||||||
|
|
||||||
|
|
|
@ -1335,6 +1335,12 @@ class LogoutTest(AuthViewsTestCase):
|
||||||
response = self.client.post("/logout/")
|
response = self.client.post("/logout/")
|
||||||
self.assertRedirects(response, "/custom/", fetch_redirect_response=False)
|
self.assertRedirects(response, "/custom/", fetch_redirect_response=False)
|
||||||
|
|
||||||
|
@override_settings(LOGOUT_REDIRECT_URL="/custom/")
|
||||||
|
def test_logout_redirect_url_setting_allowed_hosts_unsafe_host(self):
|
||||||
|
self.login()
|
||||||
|
response = self.client.post("/logout/allowed_hosts/?next=https://evil/")
|
||||||
|
self.assertRedirects(response, "/custom/", fetch_redirect_response=False)
|
||||||
|
|
||||||
@override_settings(LOGOUT_REDIRECT_URL="logout")
|
@override_settings(LOGOUT_REDIRECT_URL="logout")
|
||||||
def test_logout_redirect_url_named_setting(self):
|
def test_logout_redirect_url_named_setting(self):
|
||||||
self.login()
|
self.login()
|
||||||
|
|
Loading…
Reference in New Issue