NCGEARS/cheesy-arena-lite
1
0
Fork 0
mirror of https://github.com/Team254/cheesy-arena-lite.git synced 2026-03-09 13:46:44 -04:00
Code Issues Actions Packages Projects Releases 1 Wiki Activity

Include query parameters in login redirect.

Browse Source
This commit is contained in:
Patrick Fairbank
2020-04-04 14:19:47 -07:00
parent eb64939b20
commit b49afaa363
2 changed files with 17 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
web/login.go
View File

@@ -10,6 +10,7 @@ import (
"github.com/Team254/cheesy-arena/model"
"github.com/google/uuid"
"net/http"
"net/url"
"time"
)
@@ -67,7 +68,11 @@ func (web *Web) userIsAdmin(w http.ResponseWriter, r *http.Request) bool {
if session != nil && session.Username == adminUser {
return true
} else {
http.Redirect(w, r, "/login?redirect="+r.URL.Path, 307)
redirect := r.URL.Path
if r.URL.RawQuery != "" {
redirect += "?" + r.URL.RawQuery
}
http.Redirect(w, r, "/login?redirect="+url.QueryEscape(redirect), 307)
return false
}
}

19
web/login_test.go
View File

@@ -13,32 +13,35 @@ func TestLoginDisplay(t *testing.T) {
web.arena.EventSettings.AdminPassword = "admin"
// Check that hitting a protected page redirects to the login.
recorder := web.getHttpResponse("/match_play")
recorder := web.getHttpResponse("/match_play?p1=v1&p2=v2")
assert.Equal(t, 307, recorder.Code)
assert.Equal(t, "/login?redirect=/match_play", recorder.Header().Get("Location"))
assert.Equal(t, "/login?redirect=%2Fmatch_play%3Fp1%3Dv1%26p2%3Dv2", recorder.Header().Get("Location"))
recorder = web.getHttpResponse("/login?redirect=/match_play")
recorder = web.getHttpResponse("/login?redirect=%2Fmatch_play%3Fp1%3Dv1%26p2%3Dv2")
assert.Equal(t, 200, recorder.Code)
assert.Contains(t, recorder.Body.String(), "Log In - Untitled Event - Cheesy Arena")
// Check logging in with the wrong username and right password.
recorder = web.postHttpResponse("/login?redirect=/match_play", "username=blorpy&password=reader")
recorder = web.postHttpResponse("/login?redirect=%2Fmatch_play%3Fp1%3Dv1%26p2%3Dv2",
"username=blorpy&password=reader")
assert.Equal(t, 200, recorder.Code)
assert.Contains(t, recorder.Body.String(), "Invalid login credentials.")
// Check logging in with the right username and wrong password.
recorder = web.postHttpResponse("/login?redirect=/match_play", "username=admin&password=blorpy")
recorder = web.postHttpResponse("/login?redirect=%2Fmatch_play%3Fp1%3Dv1%26p2%3Dv2",
"username=admin&password=blorpy")
assert.Equal(t, 200, recorder.Code)
assert.Contains(t, recorder.Body.String(), "Invalid login credentials.")
// Check logging in with the right username and password.
recorder = web.postHttpResponse("/login?redirect=/match_play", "username=admin&password=admin")
recorder = web.postHttpResponse("/login?redirect=%2Fmatch_play%3Fp1%3Dv1%26p2%3Dv2",
"username=admin&password=admin")
assert.Equal(t, 303, recorder.Code)
assert.Equal(t, "/match_play", recorder.Header().Get("Location"))
assert.Equal(t, "/match_play?p1=v1&p2=v2", recorder.Header().Get("Location"))
cookie := recorder.Header().Get("Set-Cookie")
assert.Contains(t, cookie, "session_token=")
// Check that hitting the reader-level protected page works now.
recorder = web.getHttpResponseWithHeaders("/match_play", map[string]string{"Cookie": cookie})
recorder = web.getHttpResponseWithHeaders("/match_play?p1=v1&p2=v2", map[string]string{"Cookie": cookie})
assert.Equal(t, 200, recorder.Code)
}