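def validate_redirect(url):
    """
    Complain if a given URL is not on the login redirect whitelist.

    For example, links like the following should be disallowed:

        https://gen3.datacommons.io/user/login/fence?redirect=http://external-site.com

    Only callable from inside flask application context.

    Args:
        url (str): redirect target taken from the request; untrusted input

    Return:
        None

    Raises:
        UserError: if redirect URL in the request is disallowed
    """
    allowed_redirects = allowed_login_redirects()
    # NOTE(review): only the value returned by domain() is compared, so this
    # check is exactly as strong as that helper. Confirm it extracts the host
    # a browser would actually navigate to (userinfo, scheme-relative and
    # backslash forms), and that the scheme is restricted elsewhere if needed.
    if domain(url) in allowed_redirects:
        return
    # The URL comes from the request, so log its repr: embedded CR/LF or other
    # control characters are escaped and cannot forge extra log records.
    flask.current_app.logger.error(
        "invalid redirect %r. expected one of: %s", url, allowed_redirects
    )
    # NOTE(review): the message echoes the rejected URL back to the caller;
    # whatever renders UserError must escape it for its output context.
    raise UserError("invalid login redirect URL {}".format(url))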
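def logout_endpoint():
    """
    Log the user out, then redirect to the URL given by the ``next`` argument.

    ``next`` is read from the query string and defaults to the configured
    ``BASE_URL``. A value starting with "http" is used as given; any other
    value is resolved against ``ROOT_URL`` with build_redirect_url. The
    resulting URL is accepted only if its domain is on the login redirect
    whitelist.

    Return:
        whatever ``logout(next_url=...)`` returns

    Raises:
        UserError: if the domain of the resolved URL is not allowed
    """
    root = config.get("BASE_URL", "")
    request_next = flask.request.args.get("next", root)
    # Any string starting with "https" also starts with "http", so a single
    # prefix test covers both cases.
    # NOTE(review): the prefix test is case-sensitive and not anchored on
    # "://", so values such as an upper-case scheme or a scheme-relative URL
    # are handed to build_redirect_url as if they were paths. Confirm that
    # helper cannot be steered to another host by such input.
    if request_next.startswith("http"):
        next_url = request_next
    else:
        next_url = build_redirect_url(config.get("ROOT_URL", ""), request_next)
    # The whitelist is applied to the final URL, after resolution, so the
    # relative branch is covered by the same check as the absolute one.
    if domain(next_url) not in allowed_login_redirects():
        # Record the rejection, as validate_redirect does for login, so
        # refused redirect targets are visible to whoever monitors the logs.
        # repr() escapes control characters in the request-supplied value.
        flask.current_app.logger.error(
            "invalid logout redirect %r", next_url
        )
        raise UserError("invalid logout redirect URL: {}".format(next_url))
    return logout(next_url=next_url)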