Merge pull request #10340 from revant/fix-redirect-after-login

2020-05-14 09:59:49 +05:30 · 2020-05-14 09:59:49 +05:30 · cfdc5c9d33
commit cfdc5c9d33
parent 41d0d22edc a0d8b1a1b3
2 changed files with 28 additions and 1 deletions
--- a/cypress/integration/login.js
+++ b/cypress/integration/login.js
@ -38,4 +38,31 @@ context('Login', () => {
 		cy.location('pathname').should('eq', '/desk');
 		cy.window().its('frappe.session.user').should('eq', 'Administrator');
 	});
+
+	it('check redirect after login', () => {
+
+		// mock for OAuth 2.0 client_id, redirect_uri, scope and state
+		const payload = new URLSearchParams({
+			uuid: '6fed1519-cfd8-4a2d-84a6-9a1799c7c741',
+			encoded_string: 'hello all',
+			encoded_url: 'http://test.localhost/callback',
+			base64_string: 'aGVsbG8gYWxs'
+		});
+
+		cy.request('/api/method/logout');
+
+		// redirect-to /me page with params to mock OAuth 2.0 like request
+		cy.visit(
+			'/login?redirect-to=/me?' +
+				encodeURIComponent(payload.toString().replace("+", " "))
+		);
+
+		cy.get('#login_email').type('Administrator');
+		cy.get('#login_password').type(Cypress.config('adminPassword'));
+
+		cy.get('.btn-login').click();
+
+		// verify redirected location and url params after login
+		cy.url().should('include', '/me?' + payload.toString().replace('+', '%20'));
+	});
 });
--- a/frappe/public/js/frappe/utils/common.js
+++ b/frappe/public/js/frappe/utils/common.js
@ -276,7 +276,7 @@ frappe.utils.sanitise_redirect = (url) => {

 			// check for base domain only if the url is absolute
 			// return true for relative url (except protocol-relative urls)
-			return is_absolute(url) ? domain(location.href) !== domain(url) : true;
+			return is_absolute(url) ? domain(location.href) !== domain(url) : false;
 		}
 	})();