Further login redirect validation

Min RK
2019-04-01 12:05:17 +02:00
parent db851cd230
commit 3f1332e38f
2 changed files with 16 additions and 5 deletions


@@ -409,10 +409,13 @@ def test_login_strip(app):
(False, '/has?query#andhash', '/has?query#andhash'),
# next_url outside is not allowed
(False, 'relative/path', ''),
(False, 'https://other.domain', ''),
(False, 'ftp://other.domain', ''),
(False, '//other.domain', ''),
]
(False, '///other.domain/triple', ''),
(False, '\\\\other.domain/backslashes', ''),
],
)
@pytest.mark.gen_test
def test_login_redirect(app, running, next_url, location):
@@ -426,7 +429,7 @@ def test_login_redirect(app, running, next_url, location):
url = 'login'
if next_url:
if '//' not in next_url:
if '//' not in next_url and next_url.startswith('/'):
next_url = ujoin(app.base_url, next_url, '')
url = url_concat(url, dict(next=next_url))
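Review bot: The condition `if '//' not in next_url and next_url.startswith('/'):` in the second hunk decides which parametrised values the test re-roots under `app.base_url` and which it sends to the login handler unchanged, and nothing in the test says so. A one-line comment above it would make that intent reviewable, for example `# only absolute paths are re-rooted under base_url; other values go to the handler as given so its rejection is what is asserted`. The `'//' not in next_url` half is a substring test, so an in-site path that merely contains `//` further along (in a query string, say) would also skip the prefix; `next_url.startswith('/') and not next_url.startswith('//')` states the leading-slash rule directly and treats the cases visible in the first hunk the same way. The body of test_login_redirect continues outside the hunk, so how the empty expected location is asserted cannot be checked from here.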