Prevent open redirect on login

2021-07-26 18:54:14 +00:00 · 2021-07-26 18:54:14 +00:00 · da6e7893ac
parent d72fd1829f
commit da6e7893ac
2 changed files with 17 additions and 6 deletions
--- a/front/src/router/index.js
+++ b/front/src/router/index.js
@ -1025,6 +1025,7 @@ export default new Router({
    },
    {
      path: '*',
+      name: '404',
      component: () =>
        import(/* webpackChunkName: "core" */ '@/components/PageNotFound')
    }
--- a/front/src/views/auth/Login.vue
+++ b/front/src/views/auth/Login.vue
@ -3,30 +3,40 @@
    <section class="ui vertical stripe segment">
      <div class="ui small text container">
        <h2><translate translate-context="Content/Login/Title/Verb">Log in to your Funkwhale account</translate></h2>
-        <login-form :next="next"></login-form>
+        <login-form :next="redirectTo"></login-form>
      </div>
    </section>
  </main>
 </template>

 <script>
-import LoginForm from "@/components/auth/LoginForm"
+import LoginForm from '@/components/auth/LoginForm'

 export default {
  props: {
-    next: { type: String, default: "/library" }
+    next: { type: String, default: '/library' }
+  },
+  data () {
+    return {
+      redirectTo: this.next
+    }
  },
  components: {
    LoginForm
  },
  created () {
+    const resolved = this.$router.resolve(this.redirectTo)
+    console.log(resolved.route.name)
+    if (resolved.route.name === '404') {
+      this.redirectTo = '/library'
+    }
    if (this.$store.state.auth.authenticated) {
-      this.$router.push(this.next)
+      this.$router.push(this.redirectTo)
    }
  },
  computed: {
-    labels() {
-      let title = this.$pgettext('Head/Login/Title', "Log In")
+    labels () {
+      const title = this.$pgettext('Head/Login/Title', 'Log In')
      return {
        title
      }