Redirect to the referer url after mastofe authorization Closes #717 See merge request pleroma/pleroma!1025tags/v1.1.4
@@ -1091,9 +1091,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do | |||
end | |||
def index(%{assigns: %{user: user}} = conn, _params) do | |||
token = | |||
conn | |||
|> get_session(:oauth_token) | |||
token = get_session(conn, :oauth_token) | |||
if user && token do | |||
mastodon_emoji = mastodonized_emoji() | |||
@@ -1194,6 +1192,7 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do | |||
|> render("index.html", %{initial_state: initial_state, flavour: flavour}) | |||
else | |||
conn | |||
|> put_session(:return_to, conn.request_path) | |||
|> redirect(to: "/web/login") | |||
end | |||
end | |||
@@ -1278,12 +1277,20 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do | |||
scope: Enum.join(app.scopes, " ") | |||
) | |||
conn | |||
|> redirect(to: path) | |||
redirect(conn, to: path) | |||
end | |||
end | |||
defp local_mastodon_root_path(conn), do: mastodon_api_path(conn, :index, ["getting-started"]) | |||
defp local_mastodon_root_path(conn) do | |||
case get_session(conn, :return_to) do | |||
nil -> | |||
mastodon_api_path(conn, :index, ["getting-started"]) | |||
return_to -> | |||
delete_session(conn, :return_to) | |||
return_to | |||
end | |||
end | |||
defp get_or_make_app do | |||
find_attrs = %{client_name: @local_mastodon_name, redirect_uris: "."} | |||
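Review bot: In `local_mastodon_root_path/1` the conn returned by `delete_session(conn, :return_to)` is discarded, and because a `Plug.Conn` is immutable the `:return_to` key stays in the session, so every later login in that session is sent to the same stale path instead of getting-started. The helper returns only the path, so the key has to be dropped on the conn that issues the redirect, which is in the caller outside this hunk, e.g. `conn |> delete_session(:return_to) |> redirect(to: path)`. The test "redirects to the saved path after log in" would catch this with an added `refute get_session(conn, :return_to)`. The stored value comes from `conn.request_path` and ends up in `redirect(to: ...)`, which accepts only local paths; a one-line comment on the helper, `# return_to must stay a local path: only ever pass it to redirect(to: ...), never external:`, would keep that property visible to later editors.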
@@ -240,6 +240,16 @@ defmodule Pleroma.Factory do | |||
} | |||
end | |||
def oauth_authorization_factory do | |||
%Pleroma.Web.OAuth.Authorization{ | |||
token: :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false), | |||
scopes: ["read", "write", "follow", "push"], | |||
valid_until: NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10), | |||
user: build(:user), | |||
app: build(:oauth_app) | |||
} | |||
end | |||
def push_subscription_factory do | |||
%Pleroma.Web.Push.Subscription{ | |||
user: build(:user), | |||
@@ -2340,4 +2340,71 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do | |||
refute acc_one == acc_two | |||
assert acc_two == acc_three | |||
end | |||
describe "index/2 redirections" do | |||
setup %{conn: conn} do | |||
session_opts = [ | |||
store: :cookie, | |||
key: "_test", | |||
signing_salt: "cooldude" | |||
] | |||
conn = | |||
conn | |||
|> Plug.Session.call(Plug.Session.init(session_opts)) | |||
|> fetch_session() | |||
test_path = "/web/statuses/test" | |||
%{conn: conn, path: test_path} | |||
end | |||
test "redirects not logged-in users to the login page", %{conn: conn, path: path} do | |||
conn = get(conn, path) | |||
assert conn.status == 302 | |||
assert redirected_to(conn) == "/web/login" | |||
end | |||
test "does not redirect logged in users to the login page", %{conn: conn, path: path} do | |||
token = insert(:oauth_token) | |||
conn = | |||
conn | |||
|> assign(:user, token.user) | |||
|> put_session(:oauth_token, token.token) | |||
|> get(path) | |||
assert conn.status == 200 | |||
end | |||
test "saves referer path to session", %{conn: conn, path: path} do | |||
conn = get(conn, path) | |||
return_to = Plug.Conn.get_session(conn, :return_to) | |||
assert return_to == path | |||
end | |||
test "redirects to the saved path after log in", %{conn: conn, path: path} do | |||
app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".") | |||
auth = insert(:oauth_authorization, app: app) | |||
conn = | |||
conn | |||
|> put_session(:return_to, path) | |||
|> get("/web/login", %{code: auth.token}) | |||
assert conn.status == 302 | |||
assert redirected_to(conn) == path | |||
end | |||
test "redirects to the getting-started page when referer is not present", %{conn: conn} do | |||
app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".") | |||
auth = insert(:oauth_authorization, app: app) | |||
conn = get(conn, "/web/login", %{code: auth.token}) | |||
assert conn.status == 302 | |||
assert redirected_to(conn) == "/web/getting-started" | |||
end | |||
end | |||
end |