python类is_safe_url()的实例源码

views.py 文件源码 项目:byro 作者: byro 项目源码 文件源码 阅读 43 收藏 0 点赞 0 评论 0
def post(self, request: HttpRequest, *args, **kwargs) -> HttpResponseRedirect:
        username = request.POST.get('username')
        password = request.POST.get('password')
        user = authenticate(username=username, password=password)

        if user is None:
            messages.error(request, _('No user account matches the entered credentials.'))
            return redirect('common:login')

        if not user.is_active:
            messages.error(request, _('User account is deactivated.'))
            return redirect('common:login')

        login(request, user)
        url = urllib.parse.unquote(request.GET.get('next', ''))
        if url and is_safe_url(url, request.get_host()):
            return redirect(url)

        return redirect('/')
auth.py 文件源码 项目:postix 作者: c3cashdesk 项目源码 文件源码 阅读 19 收藏 0 点赞 0 评论 0
def post(self, request: HttpRequest, *args, **kwargs) -> HttpResponseRedirect:
        username = request.POST.get('username')
        password = request.POST.get('password')
        user = authenticate(username=username, password=password)

        if user is None:
            messages.error(request, _('No user account matches the entered credentials.'))
            return redirect('backoffice:login')

        if not user.is_active:
            messages.error(request, _('User account is deactivated.'))
            return redirect('backoffice:login')

        if not is_backoffice_user(user):
            messages.error(request, _('User does not have permission to access backoffice data.'))
            return redirect('backoffice:login')

        login(request, user)
        url = request.GET.get('next')
        if url and is_safe_url(url, request.get_host()):
            return redirect(url)

        return redirect('backoffice:main')
views.py 文件源码 项目:Scrum 作者: prakharchoudhary 项目源码 文件源码 阅读 22 收藏 0 点赞 0 评论 0
def get_next_page(self):
        if self.next_page is not None:
            next_page = resolve_url(self.next_page)
        elif settings.LOGOUT_REDIRECT_URL:
            next_page = resolve_url(settings.LOGOUT_REDIRECT_URL)
        else:
            next_page = self.next_page

        if (self.redirect_field_name in self.request.POST or
                self.redirect_field_name in self.request.GET):
            next_page = self.request.POST.get(
                self.redirect_field_name,
                self.request.GET.get(self.redirect_field_name)
            )
            url_is_safe = is_safe_url(
                url=next_page,
                allowed_hosts=self.get_success_url_allowed_hosts(),
                require_https=self.request.is_secure(),
            )
            # Security check -- Ensure the user-originating redirection URL is
            # safe.
            if not url_is_safe:
                next_page = self.request.path
        return next_page
views.py 文件源码 项目:django 作者: alexsukhrin 项目源码 文件源码 阅读 24 收藏 0 点赞 0 评论 0
def get_next_page(self):
        if self.next_page is not None:
            next_page = resolve_url(self.next_page)
        elif settings.LOGOUT_REDIRECT_URL:
            next_page = resolve_url(settings.LOGOUT_REDIRECT_URL)
        else:
            next_page = self.next_page

        if (self.redirect_field_name in self.request.POST or
                self.redirect_field_name in self.request.GET):
            next_page = self.request.POST.get(
                self.redirect_field_name,
                self.request.GET.get(self.redirect_field_name)
            )
            url_is_safe = is_safe_url(
                url=next_page,
                allowed_hosts=self.get_success_url_allowed_hosts(),
                require_https=self.request.is_secure(),
            )
            # Security check -- Ensure the user-originating redirection URL is
            # safe.
            if not url_is_safe:
                next_page = self.request.path
        return next_page
views.py 文件源码 项目:djacket 作者: Djacket 项目源码 文件源码 阅读 21 收藏 0 点赞 0 评论 0
def user_login(request):
    """
        View for logging users in.
    """

    redirect_to = request.POST.get(REDIRECT_FIELD_NAME, request.GET.get(REDIRECT_FIELD_NAME, ''))
    login_form = AuthenticationForm(request, data=request.POST)
    if login_form.is_valid():
        # Ensure the user-originating redirection url is safe.
        if not is_safe_url(url=REDIRECT_FIELD_NAME, host=request.get_host()):
            redirect_to = settings.LOGIN_REDIRECT_URL
        # Okay, security check complete. Log the user in.
        auth_login(request, login_form.get_user())
        return redirect(settings.LOGIN_REDIRECT_URL if redirect_to == '' else redirect_to)
    else:
        return render(request, 'index.html', {'login_form': login_form, 'display': 'block', 'active': 'login'})
locale.py 文件源码 项目:pretalx 作者: pretalx 项目源码 文件源码 阅读 24 收藏 0 点赞 0 评论 0
def get(self, request, *args, **kwargs):
        url = request.GET.get('next', request.META.get('HTTP_REFERER', '/'))
        url = url if is_safe_url(url, host=request.get_host()) else '/'
        resp = HttpResponseRedirect(url)

        locale = request.GET.get('locale')
        if locale in [lc for lc, ll in settings.LANGUAGES]:
            if request.user.is_authenticated:
                request.user.locale = locale
                request.user.save()

            max_age = 10 * 365 * 24 * 60 * 60
            resp.set_cookie(settings.LANGUAGE_COOKIE_NAME, locale, max_age=max_age,
                            expires=(datetime.utcnow() + timedelta(seconds=max_age)).strftime(
                                '%a, %d-%b-%Y %H:%M:%S GMT'),
                            domain=settings.SESSION_COOKIE_DOMAIN)
            with override(locale):
                messages.success(request, phrases.cfp.locale_change_success)

        return resp
views.py 文件源码 项目:esdc-ce 作者: erigones 项目源码 文件源码 阅读 21 收藏 0 点赞 0 评论 0
def setlang(request):
    """
    Sets a user's language preference and redirects to a given URL or, by default, back to the previous page.
    """
    next = request.REQUEST.get('next')
    if not is_safe_url(url=next, host=request.get_host()):
        next = request.META.get('HTTP_REFERER')
        if not is_safe_url(url=next, host=request.get_host()):
            next = '/'
    response = redirect(next)

    lang_code = request.REQUEST.get('language', None)
    if lang_code and check_for_language(lang_code):
        if hasattr(request, 'session'):
            request.session[LANGUAGE_SESSION_KEY] = lang_code
        else:
            response.set_cookie(settings.LANGUAGE_COOKIE_NAME, lang_code,
                                max_age=settings.LANGUAGE_COOKIE_AGE,
                                path=settings.LANGUAGE_COOKIE_PATH,
                                domain=settings.LANGUAGE_COOKIE_DOMAIN)

    return response
views.py 文件源码 项目:lifesoundtrack 作者: MTG 项目源码 文件源码 阅读 21 收藏 0 点赞 0 评论 0
def get_next_page(self):
        if self.next_page is not None:
            next_page = resolve_url(self.next_page)
        elif settings.LOGOUT_REDIRECT_URL:
            next_page = resolve_url(settings.LOGOUT_REDIRECT_URL)
        else:
            next_page = self.next_page

        if (self.redirect_field_name in self.request.POST or
                self.redirect_field_name in self.request.GET):
            next_page = self.request.POST.get(
                self.redirect_field_name,
                self.request.GET.get(self.redirect_field_name)
            )
            url_is_safe = is_safe_url(
                url=next_page,
                allowed_hosts=self.get_success_url_allowed_hosts(),
                require_https=self.request.is_secure(),
            )
            # Security check -- Ensure the user-originating redirection URL is
            # safe.
            if not url_is_safe:
                next_page = self.request.path
        return next_page
views.py 文件源码 项目:iam-idbase 作者: UWIT-IAM 项目源码 文件源码 阅读 18 收藏 0 点赞 0 评论 0
def logout(request):
    """
    Logout a user by removing all cookies that don't have the magic string
    'persistent', and redirect to settings.LOGOUT_REDIRECT.
    """
    next_param = request.GET.get('next', None)
    next_url = (next_param
                if next_param and is_safe_url(next_param)
                else getattr(settings, 'LOGOUT_REDIRECT', None))
    response = (redirect(next_url)
                if next_url
                else render(request, 'idbase/logout.html'))
    logger.debug('Logging out {}@washington.edu and redirecting to {}'.format(
        request.uwnetid, next_url))
    # delete all cookies that don't contain the string 'persistent'
    delete_keys = [key for key in request.COOKIES
                   if not re.search(r'persistent', key, re.IGNORECASE)]
    for key in delete_keys:
        response.delete_cookie(key)

    return response
views.py 文件源码 项目:liberator 作者: libscie 项目源码 文件源码 阅读 19 收藏 0 点赞 0 评论 0
def get_next_page(self):
        if self.next_page is not None:
            next_page = resolve_url(self.next_page)
        elif settings.LOGOUT_REDIRECT_URL:
            next_page = resolve_url(settings.LOGOUT_REDIRECT_URL)
        else:
            next_page = self.next_page

        if (self.redirect_field_name in self.request.POST or
                self.redirect_field_name in self.request.GET):
            next_page = self.request.POST.get(
                self.redirect_field_name,
                self.request.GET.get(self.redirect_field_name)
            )
            url_is_safe = is_safe_url(
                url=next_page,
                allowed_hosts=self.get_success_url_allowed_hosts(),
                require_https=self.request.is_secure(),
            )
            # Security check -- Ensure the user-originating redirection URL is
            # safe.
            if not url_is_safe:
                next_page = self.request.path
        return next_page
views.py 文件源码 项目:django-iitg-auth 作者: narenchoudhary 项目源码 文件源码 阅读 19 收藏 0 点赞 0 评论 0
def form_valid(self, form):
        """
        This method is executed when submitted form is valid.

        It redirects to ``success_url`` if no ``next`` url is provided.
        Otherwise it redirects to ``next`` url.

        :param form: ``forms.Form`` instance
        :return: ``HttpResponse`` instance
        """
        redirect_to = self.request.POST.get('next', '')
        auth.login(self.request, form.user_cache)
        # check if next is a valid url
        if not is_safe_url(redirect_to, self.request.get_host()):
            return super(WebmailLoginView, self).form_valid(form)
        else:
            return redirect(redirect_to)
views.py 文件源码 项目:mozilla-django-oidc 作者: mozilla 项目源码 文件源码 阅读 31 收藏 0 点赞 0 评论 0
def get_next_url(request, redirect_field_name):
    """Retrieves next url from request

    Note: This verifies that the url is safe before returning it. If the url
    is not safe, this returns None.

    :arg HttpRequest request: the http request
    :arg str redirect_field_name: the name of the field holding the next url

    :returns: safe url or None

    """
    next_url = request.GET.get(redirect_field_name)
    if next_url:
        kwargs = {
            'url': next_url,
            'host': request.get_host()
        }
        # NOTE(willkg): Django 1.11+ allows us to require https, too.
        if django.VERSION >= (1, 11):
            kwargs['require_https'] = request.is_secure()
        is_safe = is_safe_url(**kwargs)
        if is_safe:
            return next_url
    return None
views.py 文件源码 项目:SOMS 作者: qitan 项目源码 文件源码 阅读 21 收藏 0 点赞 0 评论 0
def login(request, redirect_field_name=REDIRECT_FIELD_NAME, authentication_form=AuthenticationForm):
    redirect_to = request.POST.get(redirect_field_name,
                                   request.GET.get(redirect_field_name, ''))
    if request.method == "POST":
        if request.POST.has_key('login'):
            form = authentication_form(request, data=request.POST)
            if form.is_valid():
                if form.get_user() and form.get_user().is_active:
                    # Ensure the user-originating redirection url is safe.
                    if not is_safe_url(url=redirect_to, host=request.get_host()):
                        redirect_to = resolve_url(djsettings.LOGIN_REDIRECT_URL)
                    auth_login(request, form.get_user())
                    Message.objects.create(type=u'????', user=request.user, action=u'????',
                                           action_ip=UserIP(request), content='???? %s'%request.user)
                    return HttpResponseRedirect(redirect_to)
            else:
                Message.objects.create(type=u'????', user=request.POST.get('username'), action=u'????',
                                       action_ip=UserIP(request), content=u'?????? %s'%request.POST.get('username'))
    else:
        form = authentication_form(request)
    return render(request, 'registration/login.html', {'form':form, 'title':'????'})
views.py 文件源码 项目:SOMS 作者: qitan 项目源码 文件源码 阅读 18 收藏 0 点赞 0 评论 0
def logout(request, next_page=None, redirect_field_name=REDIRECT_FIELD_NAME):
    """
    Logs out the user and displays 'You are logged out' message.
    """
    Message.objects.create(type=u'????', user=request.user, action=u'????', action_ip=UserIP(request),
                           content='???? %s' % request.user)
    auth_logout(request)

    if next_page is not None:
        next_page = resolve_url(next_page)

    if (redirect_field_name in request.POST or
            redirect_field_name in request.GET):
        next_page = request.POST.get(redirect_field_name,
                                     request.GET.get(redirect_field_name))
        # Security check -- don't allow redirection to a different host.
        if not is_safe_url(url=next_page, host=request.get_host()):
            next_page = request.path

    if next_page:
        # Redirect to this page until the session has been cleared.
        return HttpResponseRedirect(next_page)

        return HttpResponseRedirect('/')
utils.py 文件源码 项目:tissuelab 作者: VirtualPlants 项目源码 文件源码 阅读 21 收藏 0 点赞 0 评论 0
def next_redirect(request, fallback, **get_kwargs):
    """
    Handle the "where should I go next?" part of comment views.

    The next value could be a
    ``?next=...`` GET arg or the URL of a given view (``fallback``). See
    the view modules for examples.

    Returns an ``HttpResponseRedirect``.
    """
    next = request.POST.get('next')
    if not is_safe_url(url=next, host=request.get_host()):
        next = resolve_url(fallback)

    if get_kwargs:
        if '#' in next:
            tmp = next.rsplit('#', 1)
            next = tmp[0]
            anchor = '#' + tmp[1]
        else:
            anchor = ''

        joiner = '&' if '?' in next else '?'
        next += joiner + urlencode(get_kwargs) + anchor
    return HttpResponseRedirect(next)
oauth.py 文件源码 项目:api-django 作者: lafranceinsoumise 项目源码 文件源码 阅读 32 收藏 0 点赞 0 评论 0
def get_redirect_url(self, *args, **kwargs):
        client = OAuth2Session(
            client_id=settings.OAUTH['client_id'],
            redirect_uri=settings.OAUTH['redirect_domain'] + reverse('oauth_return_view'),
            scope=['view_profile'],
        )

        # extract next url
        next_url = self.request.GET.get('next', None)

        # save it to the session
        if next_url and is_safe_url(next_url):
            self.request.session['login_next_url'] = next_url

        # the user is then redirected to the auth provider with the right parameters
        url, state = client.authorization_url(settings.OAUTH['authorization_url'])

        # the nonce is saved inside the session
        self.request.session['oauth2_nonce'] = state
        return url
views.py 文件源码 项目:django-rtc 作者: scifiswapnil 项目源码 文件源码 阅读 22 收藏 0 点赞 0 评论 0
def get_next_page(self):
        if self.next_page is not None:
            next_page = resolve_url(self.next_page)
        elif settings.LOGOUT_REDIRECT_URL:
            next_page = resolve_url(settings.LOGOUT_REDIRECT_URL)
        else:
            next_page = self.next_page

        if (self.redirect_field_name in self.request.POST or
                self.redirect_field_name in self.request.GET):
            next_page = self.request.POST.get(
                self.redirect_field_name,
                self.request.GET.get(self.redirect_field_name)
            )
            url_is_safe = is_safe_url(
                url=next_page,
                allowed_hosts=self.get_success_url_allowed_hosts(),
                require_https=self.request.is_secure(),
            )
            # Security check -- Ensure the user-originating redirection URL is
            # safe.
            if not url_is_safe:
                next_page = self.request.path
        return next_page
views.py 文件源码 项目:retoohs 作者: youyaochi 项目源码 文件源码 阅读 26 收藏 0 点赞 0 评论 0
def logout(request):
    auth_logout(request)

    if 'next' in request.POST or 'next' in request.GET:
        next_page = request.POST.get('next', request.GET.get('next'))
        if not is_safe_url(url=next_page, host=request.get_host()):
            return HttpResponseRedirect(request.path)
        else:
            return HttpResponseRedirect(next_page)

    current_site = get_current_site(request)
    context = {
        'site': current_site,
        'site_name': current_site.name,
        'title': 'Logged out'
    }

    return TemplateResponse(request, 'logout.html', context)
views.py 文件源码 项目:netbox 作者: digitalocean 项目源码 文件源码 阅读 21 收藏 0 点赞 0 评论 0
def post(self, request):
        form = LoginForm(request, data=request.POST)
        if form.is_valid():

            # Determine where to direct user after successful login
            redirect_to = request.POST.get('next', '')
            if not is_safe_url(url=redirect_to, host=request.get_host()):
                redirect_to = reverse('home')

            # Authenticate user
            auth_login(request, form.get_user())
            messages.info(request, "Logged in as {}.".format(request.user))

            return HttpResponseRedirect(redirect_to)

        return render(request, self.template_name, {
            'form': form,
        })
views.py 文件源码 项目:ccvpn3 作者: CCrypto 项目源码 文件源码 阅读 24 收藏 0 点赞 0 评论 0
def set_lang(request):
    """ django.views.i18n.set_language() with GET """

    next = request.GET.get('next', request.GET.get('next'))
    if not is_safe_url(url=next, host=request.get_host()):
        next = request.META.get('HTTP_REFERER')
        if not is_safe_url(url=next, host=request.get_host()):
            next = '/'
    response = http.HttpResponseRedirect(next)
    lang_code = request.GET.get('lang', None)
    if lang_code and check_for_language(lang_code):
        if hasattr(request, 'session'):
            request.session[LANGUAGE_SESSION_KEY] = lang_code
        else:
            response.set_cookie(settings.LANGUAGE_COOKIE_NAME, lang_code,
                                max_age=settings.LANGUAGE_COOKIE_AGE,
                                path=settings.LANGUAGE_COOKIE_PATH,
                                domain=settings.LANGUAGE_COOKIE_DOMAIN)
    return response
views_misc.py 文件源码 项目:money-to-prisoners-send-money 作者: ministryofjustice 项目源码 文件源码 阅读 22 收藏 0 点赞 0 评论 0
def help_view(request, page='payment-issues'):
    """
    FAQ sections
    @param request: the HTTP request
    @param page: page slug
    """
    context = {
        'breadcrumbs_back': settings.START_PAGE_URL,
    }
    return_to = request.META.get('HTTP_REFERER') or ''
    return_to_within_site = is_safe_url(url=return_to, host=request.get_host())
    return_to_same_page = return_to.split('?')[0] == request.build_absolute_uri().split('?')[0]
    if page != 'payment-issues' and return_to_within_site and not return_to_same_page:
        context['breadcrumbs_back'] = return_to
    response = render(request, 'send_money/help/%s.html' % page, context=context)
    return make_response_cacheable(response)
views.py 文件源码 项目:LatinSounds_AppEnviaMail 作者: G3ek-aR 项目源码 文件源码 阅读 19 收藏 0 点赞 0 评论 0
def get_next_page(self):
        if self.next_page is not None:
            next_page = resolve_url(self.next_page)
        elif settings.LOGOUT_REDIRECT_URL:
            next_page = resolve_url(settings.LOGOUT_REDIRECT_URL)
        else:
            next_page = self.next_page

        if (self.redirect_field_name in self.request.POST or
                self.redirect_field_name in self.request.GET):
            next_page = self.request.POST.get(
                self.redirect_field_name,
                self.request.GET.get(self.redirect_field_name)
            )
            url_is_safe = is_safe_url(
                url=next_page,
                allowed_hosts=self.get_success_url_allowed_hosts(),
                require_https=self.request.is_secure(),
            )
            # Security check -- Ensure the user-originating redirection URL is
            # safe.
            if not url_is_safe:
                next_page = self.request.path
        return next_page
views.py 文件源码 项目:iguana 作者: iguana-project 项目源码 文件源码 阅读 41 收藏 0 点赞 0 评论 0
def post(self, request):
        form = self.form_class(data=request.POST)

        # NOTE: authenticate is already called internally in form.clean
        if form.is_valid():
            username_or_email = request.POST['username']
            password = request.POST['password']
            # NOTE: authenticate is already called internally in form.clean so there is no need to verify the result
            user = authenticate(username=username_or_email, password=password)
            login(request, user)

            request.session[translation.LANGUAGE_SESSION_KEY] = user.language
            redirect_to = request.POST.get('next', request.GET.get('next', reverse('landing_page:home')))
            redirect_to = (redirect_to
                           if is_safe_url(redirect_to, request.get_host())
                           else reverse('landing_page:home'))
            if redirect_to == "":
                return HttpResponseRedirect(reverse("landing_page:home"))
            else:
                return HttpResponseRedirect(redirect_to)

        return render(request, 'registration/login.html', {'form': form})
views.py 文件源码 项目:CodingDojo 作者: ComputerSocietyUNB 项目源码 文件源码 阅读 19 收藏 0 点赞 0 评论 0
def login(request, template_name='registration/login.html',
          redirect_field_name=REDIRECT_FIELD_NAME,
          authentication_form=AuthenticationForm,
          extra_context=None):
    """
    Displays the login form and handles the login action.
    """
    redirect_to = request.POST.get(redirect_field_name,
                                   request.GET.get(redirect_field_name, ''))

    if request.method == "POST":
        form = authentication_form(request, data=request.POST)
        if form.is_valid():

            # Ensure the user-originating redirection url is safe.
            if not is_safe_url(url=redirect_to, host=request.get_host()):
                redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)

            # Okay, security check complete. Log the user in.
            auth_login(request, form.get_user())

            return HttpResponseRedirect(redirect_to)
    else:
        form = authentication_form(request)

    current_site = get_current_site(request)

    context = {
        'form': form,
        redirect_field_name: redirect_to,
        'site': current_site,
        'site_name': current_site.name,
    }
    if extra_context is not None:
        context.update(extra_context)

    return TemplateResponse(request, template_name, context)
views.py 文件源码 项目:CodingDojo 作者: ComputerSocietyUNB 项目源码 文件源码 阅读 19 收藏 0 点赞 0 评论 0
def logout(request, next_page=None,
           template_name='registration/logged_out.html',
           redirect_field_name=REDIRECT_FIELD_NAME,
           extra_context=None):
    """
    Logs out the user and displays 'You are logged out' message.
    """
    auth_logout(request)

    if next_page is not None:
        next_page = resolve_url(next_page)

    if (redirect_field_name in request.POST or
            redirect_field_name in request.GET):
        next_page = request.POST.get(redirect_field_name,
                                     request.GET.get(redirect_field_name))
        # Security check -- don't allow redirection to a different host.
        if not is_safe_url(url=next_page, host=request.get_host()):
            next_page = request.path

    if next_page:
        # Redirect to this page until the session has been cleared.
        return HttpResponseRedirect(next_page)

    current_site = get_current_site(request)
    context = {
        'site': current_site,
        'site_name': current_site.name,
        'title': _('Logged out')
    }
    if extra_context is not None:
        context.update(extra_context)

    return TemplateResponse(request, template_name, context)
i18n.py 文件源码 项目:CodingDojo 作者: ComputerSocietyUNB 项目源码 文件源码 阅读 19 收藏 0 点赞 0 评论 0
def set_language(request):
    """
    Redirect to a given url while setting the chosen language in the
    session or cookie. The url and the language code need to be
    specified in the request parameters.

    Since this view changes how the user will see the rest of the site, it must
    only be accessed as a POST request. If called as a GET request, it will
    redirect to the page in the request (the 'next' parameter) without changing
    any state.
    """
    next = request.POST.get('next', request.GET.get('next'))
    if not is_safe_url(url=next, host=request.get_host()):
        next = request.META.get('HTTP_REFERER')
        if not is_safe_url(url=next, host=request.get_host()):
            next = '/'
    response = http.HttpResponseRedirect(next)
    if request.method == 'POST':
        lang_code = request.POST.get(LANGUAGE_QUERY_PARAMETER)
        if lang_code and check_for_language(lang_code):
            next_trans = translate_url(next, lang_code)
            if next_trans != next:
                response = http.HttpResponseRedirect(next_trans)
            if hasattr(request, 'session'):
                request.session[LANGUAGE_SESSION_KEY] = lang_code
            else:
                response.set_cookie(settings.LANGUAGE_COOKIE_NAME, lang_code,
                                    max_age=settings.LANGUAGE_COOKIE_AGE,
                                    path=settings.LANGUAGE_COOKIE_PATH,
                                    domain=settings.LANGUAGE_COOKIE_DOMAIN)
    return response
views.py 文件源码 项目:NarshaTech 作者: KimJangHyeon 项目源码 文件源码 阅读 19 收藏 0 点赞 0 评论 0
def _get_login_redirect_url(request, redirect_to):
    # Ensure the user-originating redirection URL is safe.
    if not is_safe_url(url=redirect_to, host=request.get_host()):
        return resolve_url(settings.LOGIN_REDIRECT_URL)
    return redirect_to
views.py 文件源码 项目:NarshaTech 作者: KimJangHyeon 项目源码 文件源码 阅读 20 收藏 0 点赞 0 评论 0
def logout(request, next_page=None,
           template_name='registration/logged_out.html',
           redirect_field_name=REDIRECT_FIELD_NAME,
           extra_context=None):
    """
    Logs out the user and displays 'You are logged out' message.
    """
    auth_logout(request)

    if next_page is not None:
        next_page = resolve_url(next_page)
    elif settings.LOGOUT_REDIRECT_URL:
        next_page = resolve_url(settings.LOGOUT_REDIRECT_URL)

    if (redirect_field_name in request.POST or
            redirect_field_name in request.GET):
        next_page = request.POST.get(redirect_field_name,
                                     request.GET.get(redirect_field_name))
        # Security check -- don't allow redirection to a different host.
        if not is_safe_url(url=next_page, host=request.get_host()):
            next_page = request.path

    if next_page:
        # Redirect to this page until the session has been cleared.
        return HttpResponseRedirect(next_page)

    current_site = get_current_site(request)
    context = {
        'site': current_site,
        'site_name': current_site.name,
        'title': _('Logged out')
    }
    if extra_context is not None:
        context.update(extra_context)

    return TemplateResponse(request, template_name, context)
views.py 文件源码 项目:SpongeAuth 作者: lukegb 项目源码 文件源码 阅读 18 收藏 0 点赞 0 评论 0
def _login_redirect_url(request, fallback_to=None):
    redirect_to = request.POST.get('next', request.GET.get('next', ''))
    if not redirect_to or not is_safe_url(url=redirect_to, host=request.get_host()):
        return fallback_to or django_settings.LOGIN_REDIRECT_URL
    return redirect_to
views.py 文件源码 项目:Scrum 作者: prakharchoudhary 项目源码 文件源码 阅读 20 收藏 0 点赞 0 评论 0
def get_success_url(self):
        """Ensure the user-originating redirection URL is safe."""
        redirect_to = self.request.POST.get(
            self.redirect_field_name,
            self.request.GET.get(self.redirect_field_name, '')
        )
        url_is_safe = is_safe_url(
            url=redirect_to,
            allowed_hosts=self.get_success_url_allowed_hosts(),
            require_https=self.request.is_secure(),
        )
        if not url_is_safe:
            return resolve_url(settings.LOGIN_REDIRECT_URL)
        return redirect_to


问题


面经


文章

微信
公众号

扫码关注公众号