Commit 138c8b71 authored by Sofia Papagiannaki

astakos: modifications in redirect view

* If there is no next request parameter, the view fails with 400
(BadRequest) response status.
* ``pithosdev`` added in allowed schemes for the next parameter
parent 515ea356
......@@ -108,7 +108,9 @@ renew Force token renewal (no value parameter)
force Force logout current user (no value parameter)
====================== =========================
When done with logging in, the service's login URI should redirect to the URI provided with ``next``, adding ``user`` and ``token`` parameters, which contain the account and token fields respectively.
When done with logging in, the service's login URI should redirect to the URI provided with ``next``, adding the ``token`` parameters which contains authentication token.
If ``next`` request parameter is missing the call fails with BadRequest (400) response status.
A user management service that implements a login URI according to these conventions is Astakos (https://code.grnet.gr/projects/astakos), by GRNET.
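Review bot: The added sentence about ``token`` reads "adding the ``token`` parameters which contains authentication token", where the number and article are off; suggest "adding the ``token`` parameter, which contains the authentication token". The revised wording also drops ``user`` from the parameters appended to the redirect without saying so, and a short note that ``user`` is no longer added would help services that currently read it. The new 400 sentence reads better as "If the ``next`` request parameter is missing, the call fails with a BadRequest (400) response status."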
......
......@@ -67,9 +67,9 @@ def login(request):
"""
next = request.GET.get('next')
if not next:
next = reverse('index')
raise HttpResponseBadRequest('Missing next parameter')
if not restrict_next(next, allowed_schemes=('pithos',)):
if not restrict_next(next, allowed_schemes=('pithos', 'pithosdev')):
return HttpResponseForbidden(_(
astakos_messages.NOT_ALLOWED_NEXT_PARAM))
force = request.GET.get('force', None)
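Review bot: In the `if not next:` branch, `raise HttpResponseBadRequest('Missing next parameter')` raises a response object rather than an exception, so the view will fail with a TypeError (surfacing as a 500) instead of returning the 400 that the commit message and the documentation change describe. Use `return HttpResponseBadRequest('Missing next parameter')`, matching the `return HttpResponseForbidden(...)` used for the scheme check just below. Separately, `'pithosdev'` is hard-coded beside `'pithos'` in `allowed_schemes`; if it is only needed by development clients, reading the allowed schemes from a setting would keep deployments from accepting it by default.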
......