Issue #32 open

OpenID login doesn't preserve the ?next= parameter

Anonymous created an issue

If I'm at this page:

http://metaward.com/accounts/signin/?next=/alias/add%3Falias%3Dhttp%253A//kongregate.com/accounts/catchbumps

and I login with openid, I end up at this page :

http://metaward.com/accounts/register/?next=%2Fs%2Fme

I think this stems from line 253 in views.py

    if not redirect_to or '//' in redirect_to or ' ' in redirect_to:

since I have a // in my redirect_to link.

I think you are trying to make sure the redirect is actually on this host. You already have a "clean_next" in the utils, why isn't it used here?

Comments (4)

  1. Paul Tarjan

    The patch is to do this to every line that has the double slash check

            redirect_to = clean_next(redirect_to)
            # if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
            #     redirect_to = settings.LOGIN_REDIRECT_URL
    
  2. Benoit Chesneau repo owner
    • changed status to open

    hum I'm not sure about this. I don't use clean_next in signong function to redirect on LOGIN_REDIRECT_URL . But maybe I'm wrong. Is this a bug or an improment ?

  3. Log in to comment