Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-31 11:05:54 +01:00
Code Issues Packages Projects Releases Wiki Activity

closes #5156

Browse Source
This commit is contained in:
Julian Lam
2016-10-25 16:52:03 -04:00
parent e515b791da
commit 0590a4f2cf
4 changed files with 8 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
public/src/ajaxify.js
View File

@@ -272,6 +272,9 @@ $(document).ready(function () {
apiXHR = $.ajax({ apiXHR = $.ajax({
url: RELATIVE_PATH + '/api/' + url, url: RELATIVE_PATH + '/api/' + url,
cache: false, cache: false,
headers: {
'X-Return-To': app.previousUrl
},
success: function (data) { success: function (data) {
if (!data) { if (!data) {
return; return;

11
public/src/client/login.js
View File

@@ -59,17 +59,6 @@ define('forum/login', ['translator'], function (translator) {
} else { } else {
$('#content #username').focus(); $('#content #username').focus();
} }
// Add "returnTo" data if present
if (app.previousUrl && $('#returnTo').length === 0) {
var returnToEl = document.createElement('input');
returnToEl.type = 'hidden';
returnToEl.name = 'returnTo';
returnToEl.id = 'returnTo';
returnToEl.value = app.previousUrl;
$(returnToEl).appendTo(formEl);
}
}; };
return Login; return Login;

9
src/controllers/authentication.js
View File

@@ -196,15 +196,6 @@ authenticationController.registerAbort = function (req, res) {
}; };
authenticationController.login = function (req, res, next) { authenticationController.login = function (req, res, next) {
// Handle returnTo data
if (req.body.hasOwnProperty('returnTo') && !req.session.returnTo) {
// As req.body is data obtained via userland, it is untrusted, restrict to internal links only
var parsed = url.parse(req.body.returnTo);
var isInternal = utils.isInternalURI(url.parse(req.body.returnTo), nconf.get('url_parsed'), nconf.get('relative_path'));
req.session.returnTo = isInternal ? req.body.returnTo : nconf.get('url');
}
if (plugins.hasListeners('action:auth.overrideLogin')) { if (plugins.hasListeners('action:auth.overrideLogin')) {
return continueLogin(req, res, next); return continueLogin(req, res, next);
} }

5
src/controllers/index.js
View File

@@ -104,6 +104,7 @@ Controllers.login = function (req, res, next) {
var registrationType = meta.config.registrationType || 'normal'; var registrationType = meta.config.registrationType || 'normal';
var allowLoginWith = (meta.config.allowLoginWith || 'username-email'); var allowLoginWith = (meta.config.allowLoginWith || 'username-email');
var returnTo = req.headers['x-return-to'].replace(nconf.get('url'), '');
var errorText; var errorText;
if (req.query.error === 'csrf-invalid') { if (req.query.error === 'csrf-invalid') {
@@ -112,6 +113,10 @@ Controllers.login = function (req, res, next) {
errorText = validator.escape(String(req.query.error)); errorText = validator.escape(String(req.query.error));
} }
if (returnTo) {
req.session.returnTo = returnTo;
}
data.alternate_logins = loginStrategies.length > 0; data.alternate_logins = loginStrategies.length > 0;
data.authentication = loginStrategies; data.authentication = loginStrategies;
data.allowLocalLogin = parseInt(meta.config.allowLocalLogin, 10) === 1 || parseInt(req.query.local, 10) === 1; data.allowLocalLogin = parseInt(meta.config.allowLocalLogin, 10) === 1 || parseInt(req.query.local, 10) === 1;