Use Referer to determine where to redirect when logging in.

Mike Taylor · Mike Taylor · commit a1e78928b3f6 · 2014-09-18T22:19:39.000-05:00
No longer need to check ?next_url, which was done insecurely.
diff --git a/grunt-tasks/concat.js b/grunt-tasks/concat.js
@@ -15,8 +15,7 @@ module.exports = function(grunt) {
             '<%= jsPath %>/vendor/mousetrap-min.js',
             '<%= jsPath %>/vendor/backbone.mousetrap.js',
             '<%= jsPath %>/lib/homepage.js',
-            '<%= jsPath %>/lib/bugform.js',
-            '<%= jsPath %>/lib/shared.js'
+            '<%= jsPath %>/lib/bugform.js'
         ],
         dest: '<%= jsPath %>/<%= pkg.name %>.js'
       },
diff --git a/grunt-tasks/jshint.js b/grunt-tasks/jshint.js
@@ -33,7 +33,6 @@ module.exports = function(grunt) {
         '<%= jsPath %>/lib/comments.js',
         '<%= jsPath %>/lib/labels.js',
         '<%= jsPath %>/lib/issues.js',
-        '<%= jsPath %>/lib/shared.js',
         '<%= jsPath %>/lib/diagnose.js'
       ]
   });
diff --git a/webcompat/helpers.py b/webcompat/helpers.py
@@ -4,8 +4,11 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.
 
+import urlparse
+
 from flask import session
 from ua_parser import user_agent_parser
+
 from webcompat import github
 
 JSON_MIME = 'application/json'
@@ -79,3 +82,18 @@ def get_headers(response):
                'cache-control': response.headers.get('cache-control'),
                'content-type': JSON_MIME}
     return headers
+
+
+def get_referer(request):
+    '''Return the Referer URI based on the passed in Request object.
+
+    Also validate that it came from our own server. If it didn't, return None.
+    '''
+    host_whitelist = ('webcompat.com', 'staging.webcompat.com',
+                      '127.0.0.1', 'localhost')
+    if request.referrer:
+        host = urlparse.urlparse(request.referrer).hostname
+        if host in host_whitelist:
+            return request.referrer
+    else:
+        return None
diff --git a/webcompat/static/js/lib/shared.js b/webcompat/static/js/lib/shared.js
diff --git a/webcompat/templates/layout.html b/webcompat/templates/layout.html
@@ -58,7 +58,6 @@
 <script src="{{ url_for('static', filename='js/vendor/marked-min.js') }}"></script>
 <script src="{{ url_for('static', filename='js/lib/homepage.js') }}"></script>
 <script src="{{ url_for('static', filename='js/lib/bugform.js') }}"></script>
-<script src="{{ url_for('static', filename='js/lib/shared.js') }}"></script>
 {%- endif %}
 {% for category, message in get_flashed_messages(with_categories=True) %}
 <div class="flash {{ category }}">{{ message }}</div>
diff --git a/webcompat/views.py b/webcompat/views.py
@@ -21,6 +21,7 @@
 from helpers import get_browser
 from helpers import get_browser_name
 from helpers import get_os
+from helpers import get_referer
 from helpers import get_user_info
 from issues import report_issue
 from models import db_session
@@ -47,6 +48,7 @@ def before_request():
     g.user = None
     if 'user_id' in session:
         g.user = User.query.get(session['user_id'])
+    g.referer = get_referer(request) or url_for('index')
 
 
 @app.after_request
@@ -71,31 +73,27 @@ def format_date(datestring):
 
 @app.route('/login')
 def login():
-    next_url = request.args.get('next') or url_for('index')
     if session.get('user_id', None) is None:
-        session['next_url'] = next_url
         return github.authorize('public_repo')
     else:
-        return redirect(next_url)
+        return redirect(g.referer)
 
 
 @app.route('/logout')
 def logout():
-    next_url = request.args.get('next') or url_for('index')
     session.clear()
     flash(u'You were successfully logged out.', 'info')
-    return redirect(next_url)
+    return redirect(g.referer)
 
 
 # OAuth2 callback handler that GitHub requires.
 # If this moves, it needs to change in GitHub settings as well
 @app.route('/callback')
 @github.authorized_handler
 def authorized(access_token):
-    next_url = session.get('next_url') or url_for('index')
     if access_token is None:
         flash(u'Something went wrong trying to sign into GitHub. :(', 'error')
-        return redirect(next_url)
+        return redirect(g.referer)
     user = User.query.filter_by(github_access_token=access_token).first()
     if user is None:
         user = User(access_token)
@@ -105,7 +103,7 @@ def authorized(access_token):
     if session.get('form_data', None) is not None:
         return redirect(url_for('file_issue'))
     else:
-        return redirect(next_url)
+        return redirect(g.referer)
 
 
 # This route won't ever be viewed by a human being--there's not

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,6 @@ module.exports = function(grunt) {`
`33`	`33`	`'<%= jsPath %>/lib/comments.js',`
`34`	`34`	`'<%= jsPath %>/lib/labels.js',`
`35`	`35`	`'<%= jsPath %>/lib/issues.js',`
`36`		`- '<%= jsPath %>/lib/shared.js',`
`37`	`36`	`'<%= jsPath %>/lib/diagnose.js'`
`38`	`37`	`]`
`39`	`38`	`});`