fix: redirect after login

fix sanitise redirect test for redirect after login
2020-05-13 21:22:08 +05:30 · 2020-05-13 21:22:08 +05:30 · 9bba3154bc
commit 9bba3154bc
parent 977e6c23f2
2 changed files with 18 additions and 1 deletions
--- a/cypress/integration/login.js
+++ b/cypress/integration/login.js
@ -38,4 +38,21 @@ context('Login', () => {
 		cy.location('pathname').should('eq', '/desk');
 		cy.window().its('frappe.session.user').should('eq', 'Administrator');
 	});
+
+	it('check redirect after login', () => {
+		const payload = new URLSearchParams({
+			uuid: '6fed1519-cfd8-4a2d-84a6-9a1799c7c741',
+			encoded_string: 'hello all',
+			encoded_url: 'http://test.localhost/callback',
+			base64_string: 'aGVsbG8gYWxs'
+		});
+
+		cy.request('/api/method/logout');
+		cy.visit('/login?redirect-to=/me?' + encodeURIComponent(payload.toString()));
+		cy.get('#login_email').type('Administrator');
+		cy.get('#login_password').type(Cypress.config('adminPassword'));
+
+		cy.get('.btn-login').click();
+		cy.url().should('include', '/me?' + payload.toString());
+	});
 });
--- a/frappe/public/js/frappe/utils/common.js
+++ b/frappe/public/js/frappe/utils/common.js
@ -276,7 +276,7 @@ frappe.utils.sanitise_redirect = (url) => {

 			// check for base domain only if the url is absolute
 			// return true for relative url (except protocol-relative urls)
-			return is_absolute(url) ? domain(location.href) !== domain(url) : true;
+			return is_absolute(url) ? domain(location.href) !== domain(url) : false;
 		}
 	})();