urbit/shrub
1
1
Fork 0
mirror of https://github.com/urbit/shrub.git synced 2024-11-28 22:33:06 +03:00
Code Issues Packages Projects Releases Wiki Activity

eyre: don't lose redirect upon failing login

Browse Source 
If we failed the password check, the login page served to us would never
include any redirect details, even if they were there in the original request.

Now we simply (attempt to) parse out the redirect field a little earlier.
This commit is contained in:
Fang 2020-06-10 20:37:12 +02:00 committed by GitHub
parent 80ead610ea
commit a4785458d1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/arvo/sys/vane/eyre.hoon
View File

@ -950,12 +950,13 @@
?~ parsed
(return-static-data-on-duct 400 'text/html' (login-page ~ our))
::
=/ redirect=(unit @t) (get-header:http 'redirect' u.parsed)
?~ password=(get-header:http 'password' u.parsed)
(return-static-data-on-duct 400 'text/html' (login-page ~ our))
(return-static-data-on-duct 400 'text/html' (login-page redirect our))
:: check that the password is correct
::
?. =(u.password code)
(return-static-data-on-duct 400 'text/html' (login-page ~ our))
(return-static-data-on-duct 400 'text/html' (login-page redirect our))
:: mint a unique session cookie
::
=/ session=@uv
@ -981,7 +982,7 @@
=- out(moves [- moves.out])
[duct %pass /sessions/expire %b %wait expires-at]
::
?~ redirect=(get-header:http 'redirect' u.parsed)
?~ redirect
%- handle-response
:* %start
:- status-code=200