Merge pull request #30 from sparklespdx/login-405

Fix 405 issue
tmthyjames · Apr 14, 2018 · ded82de · ded82de
2 parents 149cc30 + a2877a9
commit ded82de
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 9 deletions.
diff --git a/app/views/views.py b/app/views/views.py
@@ -1,5 +1,6 @@
-from flask import render_template, Blueprint, redirect, url_for, flash, g
+from flask import abort, Blueprint, flash, g, render_template, redirect, request, url_for
 from flask_login import LoginManager, UserMixin, current_user, login_user, login_required, logout_user
+from urllib.parse import urlparse, urljoin
 from app.forms.forms import LoginForm
 from app.models.models import User
 
@@ -19,13 +20,21 @@ def login():
         return redirect(url_for('main.capture'))
     form = LoginForm()
     if form.validate_on_submit():
+
         user = User.query.filter_by(username=form.username.data).first()
+
         if user is None or not user.check_password(form.password.data):
             flash('Invalid username or password')
             return redirect(url_for('main.login'))
+
         login_user(user)
         g.user = user
-        return redirect(url_for('main.capture'))
+
+        next_ = request.args.get('next')
+        if not is_safe_url(next_):
+            return abort(400)
+
+        return redirect(next_ or url_for('main.capture'), code=301)
     return render_template('login.html', title='Sign In', form=form)
 
 @main.route('/logout', methods=['GET'])
@@ -48,7 +57,9 @@ def prediction():
 def dashboard():
     return render_template('my-dashboard.html')
 
-@main.errorhandler(401)
-def page_not_found(e):
-    form = LoginForm()
-    return render_template('login.html', form=form, title='Sign In')
+# http://flask.pocoo.org/snippets/62/
+def is_safe_url(target):
+    ref_url = urlparse(request.host_url)
+    test_url = urlparse(urljoin(request.host_url, target))
+    return test_url.scheme in ('http', 'https') and \
+           ref_url.netloc == test_url.netloc
diff --git a/application.py b/application.py
@@ -28,10 +28,8 @@
 sslify = SSLify(application)
 
 application.register_blueprint(views_blueprints)
-
 login_manager = LoginManager(application)
-login_manager.init_app(application)
-
+login_manager.login_view = 'main.login'
 
 @application.before_request
 def inject_globals():