mirror of
https://github.com/simple-login/app.git
synced 2024-09-29 13:11:29 +02:00
Make NextUrlSanitizer a static class
parent
6be99bc576
commit
b4e291d4fd
23
app/utils.py
23
app/utils.py
@ -76,34 +76,35 @@ def sanitize_email(email_address: str, not_lower=False) -> str:
|
|||||||
|
|
||||||
|
|
||||||
class NextUrlSanitizer:
|
class NextUrlSanitizer:
|
||||||
def __init__(self, allowed_domains: List[str]):
|
@staticmethod
|
||||||
self.allowed_domains = allowed_domains
|
def sanitize(url: Optional[str], allowed_domains: List[str]) -> Optional[str]:
|
||||||
|
|
||||||
def sanitize(self, url: Optional[str]) -> Optional[str]:
|
|
||||||
if not url:
|
if not url:
|
||||||
return None
|
return None
|
||||||
# Relative redirect
|
# Relative redirect
|
||||||
if url[0] == "/":
|
if url[0] == "/":
|
||||||
return url
|
return url
|
||||||
return self.__handle_absolute_redirect(url)
|
return NextUrlSanitizer.__handle_absolute_redirect(url, allowed_domains)
|
||||||
|
|
||||||
def __handle_absolute_redirect(self, url: str) -> Optional[str]:
|
@staticmethod
|
||||||
if not self.__is_absolute_url(url):
|
def __handle_absolute_redirect(
|
||||||
|
url: str, allowed_domains: List[str]
|
||||||
|
) -> Optional[str]:
|
||||||
|
if not NextUrlSanitizer.__is_absolute_url(url):
|
||||||
# Unknown url, something like &next=something.example.com
|
# Unknown url, something like &next=something.example.com
|
||||||
return None
|
return None
|
||||||
parsed = urllib.parse.urlparse(url)
|
parsed = urllib.parse.urlparse(url)
|
||||||
if parsed.hostname in self.allowed_domains:
|
if parsed.hostname in allowed_domains:
|
||||||
return url
|
return url
|
||||||
# Not allowed domain
|
# Not allowed domain
|
||||||
return None
|
return None
|
||||||
|
|
||||||
def __is_absolute_url(self, url: str) -> bool:
|
@staticmethod
|
||||||
|
def __is_absolute_url(url: str) -> bool:
|
||||||
return url.startswith(("http://", "https://"))
|
return url.startswith(("http://", "https://"))
|
||||||
|
|
||||||
|
|
||||||
def sanitize_next_url(url: Optional[str]) -> Optional[str]:
|
def sanitize_next_url(url: Optional[str]) -> Optional[str]:
|
||||||
sanitizer = NextUrlSanitizer(ALLOWED_REDIRECT_DOMAINS)
|
return NextUrlSanitizer.sanitize(url, ALLOWED_REDIRECT_DOMAINS)
|
||||||
return sanitizer.sanitize(url)
|
|
||||||
|
|
||||||
|
|
||||||
def query2str(query):
|
def query2str(query):
|
||||||
|
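Review bot: The relative-redirect branch in `sanitize` (`if url[0] == "/": return url`) accepts any value that begins with a slash, so a scheme-relative value of the form `//other-host/path` is returned unchanged and never reaches the `allowed_domains` comparison, although browsers resolve that form to a different host. The check is carried over as-is from the instance-method version, so this commit does not introduce it, but the refactor is a natural place to tighten it to `if url.startswith("/") and not url.startswith(("//", "/\\")):` followed by `return url`. With that guard such values fall through to `__handle_absolute_redirect`, which already returns `None` for anything that does not start with `http://` or `https://`. A one-line docstring on `sanitize` would also pin the contract, for example `"""Return url if it is a same-site path or an http(s) URL whose host is in allowed_domains, else None."""`.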