allow valid url combos (#2148)

Co-authored-by: burnettk <burnettk@users.noreply.github.com>
Kevin Burnett 2024-11-17 23:37:23 +00:00 committed by GitHub
parent 334fd2e5eb
commit 4b19094aa5
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -114,7 +114,15 @@ def login(
task_guid: str | None = None,
) -> Response:
frontend_url = str(current_app.config.get("SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND"))
if not redirect_url.startswith(frontend_url):
# strip either :80 and :443 off the end of the frontend url string
frontend_url = re.sub(r":(80|443)$", "", frontend_url)
# strip trailing slash off redirect_url, since we want
# redirect url http://localhost/ to be valid if the frontend url is http://localhost frontend, etc
redirect_url_for_check = redirect_url.rstrip("/")
if not redirect_url_for_check.startswith(frontend_url):
raise InvalidRedirectUrlError(
f"Invalid redirect url was given: '{redirect_url}'. It must start with the frontend url: '{frontend_url}'"
)
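Review bot: The new check `redirect_url_for_check.startswith(frontend_url)` is still a plain string-prefix comparison, so whenever `frontend_url` does not end in `/` (always the case after `:80`/`:443` is stripped) a redirect URL whose authority merely begins with the frontend host, such as a longer hostname or the frontend host used as the userinfo part before `@`, passes validation. The `re.sub` also drops the port without looking at the scheme, so `https://host:80` is treated as `https://host`, which is a different origin. I would parse both URLs and compare scheme, hostname and effective port exactly, as sketched below. The sketch assumes `urlsplit` from `urllib.parse` is imported at the top of the file, which the hunk does not show; a configured frontend path prefix would need its own check on a `/` boundary, and a malformed port makes `.port` raise `ValueError`, which should be mapped to the same error. `login` starts and continues outside the hunk, so how `redirect_url` is used after this check is not visible here.

```python
    # … unchanged: frontend_url lookup from SPIFFWORKFLOW_BACKEND_URL_FOR_FRONTEND …
    default_ports = {"http": 80, "https": 443}
    expected = urlsplit(frontend_url)
    given = urlsplit(redirect_url)
    # compare the effective port, so an explicit :80/:443 equals the scheme default
    expected_origin = (expected.scheme, expected.hostname, expected.port or default_ports.get(expected.scheme))
    given_origin = (given.scheme, given.hostname, given.port or default_ports.get(given.scheme))
    if given_origin != expected_origin:
        # … unchanged: raise InvalidRedirectUrlError(...) …
```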