workaround as Google does not allow to append param to redirect_url

2019-07-08 19:53:37 +02:00 · 2019-07-08 19:53:37 +02:00 · 7ea4c157a1
parent caf610446c
commit 7ea4c157a1
1 changed files with 9 additions and 8 deletions
--- a/app/auth/views/google.py
+++ b/app/auth/views/google.py
@ -10,7 +10,7 @@ from app.email_utils import notify_admin
 from app.extensions import db
 from app.log import LOG
 from app.models import User, File
-from app.utils import random_string, encode_url
+from app.utils import random_string

 _authorization_base_url = "https://accounts.google.com/o/oauth2/v2/auth"
 _token_url = "https://www.googleapis.com/oauth2/v4/token"
@ -32,12 +32,13 @@ def google_login():
    session.pop("_flashes", None)

    next_url = request.args.get("next")
-    if next_url:
-        redirect_uri = _redirect_uri + "?next=" + encode_url(next_url)
-    else:
-        redirect_uri = _redirect_uri

-    google = OAuth2Session(GOOGLE_CLIENT_ID, scope=_scope, redirect_uri=redirect_uri)
+    # Google does not allow to append param to redirect_url
+    # we need to pass the next url by session
+    if next_url:
+        session["google_next_url"] = next_url
+
+    google = OAuth2Session(GOOGLE_CLIENT_ID, scope=_scope, redirect_uri=_redirect_uri)
    authorization_url, state = google.authorization_url(_authorization_base_url)

    # State is used to prevent CSRF, keep this for later.
@ -112,8 +113,8 @@ def google_callback():
        )

    # The activation link contains the original page, for ex authorize page
-    if "next" in request.args:
-        next_url = request.args.get("next")
+    if "google_next_url" in session:
+        next_url = session["google_next_url"]
        LOG.debug("redirect user to %s", next_url)
        return redirect(next_url)
    else: