Redirect a logged out user back to the last page they were on.
rtibbles committed Jul 3, 2024
1 parent 94ac31a commit d7608df
Showing 3 changed files with 19 additions and 3 deletions.
2 changes: 1 addition & 1 deletion kolibri/core/assets/src/heartbeat.js
@@ -266,7 +266,7 @@ export class HeartBeat {
Lockr.set(SIGNED_OUT_DUE_TO_INACTIVITY, true);
// Redirect the user to let the server sort out where they should
// be now
redirectBrowser();
redirectBrowser(null, true);
}
_sessionUrl(id) {
return urls['kolibri:core:session-detail'](id);
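Review bot: The call `redirectBrowser(null, true)` hides its intent behind a placeholder `null` and a bare boolean, and the comment above it still says the server sorts out where the user should be, although the client now sends its current location along. I would reword the comment to something like `// Send the current location as ?next= so the user can be returned here after signing back in`. The enclosing method starts outside the hunk, so whether the current URL can carry anything sensitive at this point is not visible here.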
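--- a/kolibri/core/assets/src/utils/redirectBrowser.js
+++ b/kolibri/core/assets/src/utils/redirectBrowser.js
@@ -1,5 +1,10 @@
 import urls from 'kolibri.urls';
 
-export default function redirectBrowser(url) {
-window.location.href = url || urls['kolibri:core:redirect_user']();
+export default function redirectBrowser(url, next = false) {
+url = url || urls['kolibri:core:redirect_user']();
+const urlObject = new URL(url, window.location.origin);
+if (next) {
+urlObject.searchParams.set('next', encodeURIComponent(window.location.href));
+}
+window.location.href = urlObject.href;
 }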
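Review bot: `URLSearchParams.set` already percent-encodes its value, so wrapping `window.location.href` in `encodeURIComponent` on the `searchParams.set('next', …)` line double-encodes it. After the server's single decode of the query string the value is still percent-encoded, so the `url_has_allowed_host_and_scheme` check in `kolibri/core/views.py` is applied to a string with no recognisable scheme or host rather than to the real URL, and cannot reject a foreign origin. I would pass the raw value, `urlObject.searchParams.set('next', window.location.href);`, and have the server re-encode when it builds its own redirect. `window.location.href` also carries the full query and fragment, so anything sensitive in the current URL ends up in the redirect target and in server logs; sending `pathname + search + hash` would at least drop the origin, if a relative path is enough for whatever consumes `next`.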
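--- a/kolibri/core/views.py
+++ b/kolibri/core/views.py
@@ -10,6 +10,7 @@
 from django.urls import reverse
 from django.urls import translate_url
 from django.utils.decorators import method_decorator
+from django.utils.http import url_has_allowed_host_and_scheme
 from django.utils.translation import check_for_language
 from django.utils.translation import gettext_lazy as _
 from django.utils.translation import LANGUAGE_SESSION_KEY
@@ -179,6 +180,16 @@ def get(self, request):
 else:
 url = get_url_by_role(user_kinds.ANONYMOUS)
 if url:
+next_url = request.GET.get("next")
+if next_url:
+# Step 2: Validate the next_url
+if url_has_allowed_host_and_scheme(
+next_url,
+allowed_hosts={request.get_host()},
+require_https=request.is_secure(),
+):
+# Step 3: Append next_url to the base url if it's valid
+url = f"{url}?next={next_url}"
 return HttpResponseRedirect(url)
 raise Http404(
 _(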
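Review bot: In the second hunk, `url = f"{url}?next={next_url}"` interpolates the decoded query value without encoding it, so a `&`, `#` or `?` inside `next_url` changes the structure of the redirect URL, and the line also assumes `url` carries no query string yet. Building it with `urlencode` from `django.utils.http`, `url = f"{url}?{urlencode({'next': next_url})}"`, keeps the value a single parameter. The host check only covers this hop: whatever page later reads `next` and navigates to it (not visible here) should validate it again rather than rely on this view. The comments start at "Step 2" with no Step 1; `# Only forward next when it points at this host` would say more. `get` begins outside the hunk.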
