NCGEARS/cheesy-arena-lite
1
0
Fork 0
mirror of https://github.com/Team254/cheesy-arena-lite.git synced 2026-03-09 13:46:44 -04:00
Code Issues Actions Packages Projects Releases 1 Wiki Activity

Include query parameters in login redirect.

Browse Source
This commit is contained in:
Patrick Fairbank
2020-04-04 14:19:47 -07:00
parent eb64939b20
commit b49afaa363
2 changed files with 17 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
web/login.go
View File

@@ -10,6 +10,7 @@ import (
"github.com/Team254/cheesy-arena/model" "github.com/Team254/cheesy-arena/model"
"github.com/google/uuid" "github.com/google/uuid"
"net/http" "net/http"
"net/url"
"time" "time"
) )
@@ -67,7 +68,11 @@ func (web *Web) userIsAdmin(w http.ResponseWriter, r *http.Request) bool {
if session != nil && session.Username == adminUser { if session != nil && session.Username == adminUser {
return true return true
} else { } else {
http.Redirect(w, r, "/login?redirect="+r.URL.Path, 307) redirect := r.URL.Path
if r.URL.RawQuery != "" {
redirect += "?" + r.URL.RawQuery
}
http.Redirect(w, r, "/login?redirect="+url.QueryEscape(redirect), 307)
return false return false
} }
} }

19
web/login_test.go
View File

@@ -13,32 +13,35 @@ func TestLoginDisplay(t *testing.T) {
web.arena.EventSettings.AdminPassword = "admin" web.arena.EventSettings.AdminPassword = "admin"
// Check that hitting a protected page redirects to the login. // Check that hitting a protected page redirects to the login.
recorder := web.getHttpResponse("/match_play") recorder := web.getHttpResponse("/match_play?p1=v1&p2=v2")
assert.Equal(t, 307, recorder.Code) assert.Equal(t, 307, recorder.Code)
assert.Equal(t, "/login?redirect=/match_play", recorder.Header().Get("Location")) assert.Equal(t, "/login?redirect=%2Fmatch_play%3Fp1%3Dv1%26p2%3Dv2", recorder.Header().Get("Location"))
recorder = web.getHttpResponse("/login?redirect=/match_play") recorder = web.getHttpResponse("/login?redirect=%2Fmatch_play%3Fp1%3Dv1%26p2%3Dv2")
assert.Equal(t, 200, recorder.Code) assert.Equal(t, 200, recorder.Code)
assert.Contains(t, recorder.Body.String(), "Log In - Untitled Event - Cheesy Arena") assert.Contains(t, recorder.Body.String(), "Log In - Untitled Event - Cheesy Arena")
// Check logging in with the wrong username and right password. // Check logging in with the wrong username and right password.
recorder = web.postHttpResponse("/login?redirect=/match_play", "username=blorpy&password=reader") recorder = web.postHttpResponse("/login?redirect=%2Fmatch_play%3Fp1%3Dv1%26p2%3Dv2",
"username=blorpy&password=reader")
assert.Equal(t, 200, recorder.Code) assert.Equal(t, 200, recorder.Code)
assert.Contains(t, recorder.Body.String(), "Invalid login credentials.") assert.Contains(t, recorder.Body.String(), "Invalid login credentials.")
// Check logging in with the right username and wrong password. // Check logging in with the right username and wrong password.
recorder = web.postHttpResponse("/login?redirect=/match_play", "username=admin&password=blorpy") recorder = web.postHttpResponse("/login?redirect=%2Fmatch_play%3Fp1%3Dv1%26p2%3Dv2",
"username=admin&password=blorpy")
assert.Equal(t, 200, recorder.Code) assert.Equal(t, 200, recorder.Code)
assert.Contains(t, recorder.Body.String(), "Invalid login credentials.") assert.Contains(t, recorder.Body.String(), "Invalid login credentials.")
// Check logging in with the right username and password. // Check logging in with the right username and password.
recorder = web.postHttpResponse("/login?redirect=/match_play", "username=admin&password=admin") recorder = web.postHttpResponse("/login?redirect=%2Fmatch_play%3Fp1%3Dv1%26p2%3Dv2",
"username=admin&password=admin")
assert.Equal(t, 303, recorder.Code) assert.Equal(t, 303, recorder.Code)
assert.Equal(t, "/match_play", recorder.Header().Get("Location")) assert.Equal(t, "/match_play?p1=v1&p2=v2", recorder.Header().Get("Location"))
cookie := recorder.Header().Get("Set-Cookie") cookie := recorder.Header().Get("Set-Cookie")
assert.Contains(t, cookie, "session_token=") assert.Contains(t, cookie, "session_token=")
// Check that hitting the reader-level protected page works now. // Check that hitting the reader-level protected page works now.
recorder = web.getHttpResponseWithHeaders("/match_play", map[string]string{"Cookie": cookie}) recorder = web.getHttpResponseWithHeaders("/match_play?p1=v1&p2=v2", map[string]string{"Cookie": cookie})
assert.Equal(t, 200, recorder.Code) assert.Equal(t, 200, recorder.Code)
} }