Merge pull request #24 from conkiztador/switch_redirect_to

Support custom redirect url from the 'switch' view
2013-02-27 20:47:58 -08:00
parent 808b0296e5 f09875e53d
commit 2fabeb84a2
2 changed files with 24 additions and 4 deletions
--- a/openstack_auth/tests/tests.py
+++ b/openstack_auth/tests/tests.py
@@ -1,5 +1,6 @@
 from django import test
 from django.conf import settings
+from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.core.urlresolvers import reverse

 from keystoneclient import exceptions as keystone_exceptions
@@ -156,7 +157,7 @@ class OpenStackAuthTests(test.TestCase):
                            ("An error occurred authenticating. Please try "
                             "again later."))

-    def test_switch(self):
+    def test_switch(self, next=None):
        tenant = self.data.tenant_two
        tenants = [self.data.tenant_one, self.data.tenant_two]
        user = self.data.user
@@ -211,8 +212,19 @@ class OpenStackAuthTests(test.TestCase):
        sc.catalog['token']['id'] = self.data.tenant_two.id

        form_data['tenant_id'] = tenant.id
+
+        if next:
+            form_data.update({REDIRECT_FIELD_NAME: next})
+
        response = self.client.get(url, form_data)

-        self.assertRedirects(response, settings.LOGIN_REDIRECT_URL)
+        if next:
+            expected_url = 'http://testserver%s' % next
+            self.assertEqual(response['location'], expected_url)
+        else:
+            self.assertRedirects(response, settings.LOGIN_REDIRECT_URL)
        self.assertEqual(self.client.session['token']['token']['tenant']['id'],
                         scoped.tenant['id'])
+
+    def test_switch_with_next(self):
+        self.test_switch(next='/next_url')
--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
@@ -10,6 +10,7 @@ from django.contrib.auth.views import (login as django_login,
 from django.contrib.auth.decorators import login_required
 from django.views.decorators.debug import sensitive_post_parameters
 from django.utils.functional import curry
+from django.utils.http import is_safe_url
 from django.views.decorators.cache import never_cache
 from django.views.decorators.csrf import csrf_protect

@@ -87,7 +88,7 @@ def delete_all_tokens(token_list):


@login_required
-def switch(request, tenant_id):
+def switch(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME):
    """ Switches an authenticated user from one tenant to another. """
    LOG.debug('Switching to tenant %s for user "%s".'
              % (tenant_id, request.user.username))
@@ -99,7 +100,14 @@ def switch(request, tenant_id):
    except keystone_exceptions.ClientException:
        token = None
        LOG.exception('An error occurred while switching sessions.')
+
+    # Ensure the user-originating redirection url is safe.
+    # Taken from django.contrib.auth.views.login()
+    redirect_to = request.REQUEST.get(redirect_field_name, '')
+    if not is_safe_url(url=redirect_to, host=request.get_host()):
+        redirect_to = settings.LOGIN_REDIRECT_URL
+
    if token:
        user = create_user_from_token(request, token, endpoint)
        set_session_from_user(request, user)
-    return shortcuts.redirect(settings.LOGIN_REDIRECT_URL)
+    return shortcuts.redirect(redirect_to)