Example #1
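def validate_redirect(url):
    """
    Complain if a given URL is not on the login redirect whitelist.

    This is the open-redirect guard for login: a redirect target is accepted
    only when ``domain(url)`` is one of ``allowed_login_redirects()``.

    For example, links like the following should be disallowed:

        https://gen3.datacommons.io/user/login/fence?redirect=http://external-site.com

    Only callable from inside flask application context (the rejection path
    logs through ``flask.current_app.logger``).

    Args:
        url (str): redirect URL from the request; treat it as untrusted

    Return:
        None

    Raises:
        UserError: if redirect URL in the request is disallowed
    """
    allowed_redirects = allowed_login_redirects()
    # NOTE(review): the whole decision rests on domain() extracting the same
    # host a browser would navigate to; domain() is defined elsewhere, so
    # confirm how it treats userinfo ("user@host"), backslashes, missing
    # schemes and "//host" forms.
    if domain(url) not in allowed_redirects:
        # Pass the URL as a logging argument rendered with %r so that CR/LF or
        # other control characters in a request-supplied value are escaped
        # instead of being able to forge extra log lines.
        flask.current_app.logger.error(
            "invalid redirect %r. expected one of: %s", url, allowed_redirects
        )
        # Message text is unchanged for callers. It still echoes the rejected
        # URL; presumably it is rendered back to the client, so confirm it is
        # escaped on output.
        raise UserError("invalid login redirect URL {}".format(url))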
Example #2
 def logout_endpoint():
     """
     Log the user out and redirect to the ``next`` query parameter.

     ``next`` comes from the request and is therefore client-controlled. The
     final target is accepted only if ``domain()`` of it is one of
     ``allowed_login_redirects()``; otherwise a UserError is raised and
     ``logout`` is never called.

     Return:
         whatever ``logout(next_url=...)`` returns

     Raises:
         UserError: if the resolved logout redirect URL is not allowed
     """
     # NOTE(review): the default comes from BASE_URL while relative values
     # are resolved against ROOT_URL; confirm the two keys are meant to differ.
     default_target = config.get("BASE_URL", "")
     requested = flask.request.args.get("next", default_target)

     # Anything starting with "https" also starts with "http", so a single
     # prefix test is equivalent. It is a loose test (a relative path such as
     # "http-foo" also matches), so it only chooses how the target is built;
     # the allow-list check below is the actual security gate.
     looks_absolute = requested.startswith("http")
     target = (
         requested
         if looks_absolute
         else build_redirect_url(config.get("ROOT_URL", ""), requested)
     )

     # Validate the URL that will really be used, after any joining, so a
     # value such as "//other-host" is judged on what it resolves to.
     # NOTE(review): assumes domain() and build_redirect_url() parse hosts the
     # way a browser does; both are defined elsewhere, so confirm.
     if domain(target) in allowed_login_redirects():
         return logout(next_url=target)
     raise UserError("invalid logout redirect URL: {}".format(target))