def validate_redirect(url):
"""
Complain if a given URL is not on the login redirect whitelist.
For example, links like the following should be disallowed:
https://gen3.datacommons.io/user/login/fence?redirect=http://external-site.com
Only callable from inside flask application context.
Args:
url (str)
oauth_client (fence.models.Client)
Return:
None
Raises:
UserError: if redirect URL in the request is disallowed
"""
allowed_redirects = allowed_login_redirects()
if domain(url) not in allowed_redirects:
flask.current_app.logger.error(
"invalid redirect {}. expected one of: {}".format(
url, allowed_redirects))
raise UserError("invalid login redirect URL {}".format(url))
def logout_endpoint():
root = config.get("BASE_URL", "")
request_next = flask.request.args.get("next", root)
if request_next.startswith("https") or request_next.startswith("http"):
next_url = request_next
else:
next_url = build_redirect_url(config.get("ROOT_URL", ""),
request_next)
if domain(next_url) not in allowed_login_redirects():
raise UserError("invalid logout redirect URL: {}".format(next_url))
return logout(next_url=next_url)
