chg: [auth] Takes into account MISP baseurl for redirections

authImprovements
mokaddem 2019-10-11 08:37:46 +02:00
parent 4d5ee49357
commit 21dedd37ed
1 changed files with 9 additions and 7 deletions

View File

@ -127,12 +127,12 @@ class User(UserMixin):
post_data["data[_Token][key]"] = token_key.group(1) post_data["data[_Token][key]"] = token_key.group(1)
# POST request with user credentials + hidden form values. # POST request with user credentials + hidden form values.
post_to_login_page = session.post(misp_login_page, data=post_data) post_to_login_page = session.post(misp_login_page, data=post_data, allow_redirects=False)
# Consider setup with MISP baseurl set
redirect_location = post_to_login_page.headers.get('Location', '')
# Authentication is successful if MISP returns a redirect to '/users/routeafterlogin'. # Authentication is successful if MISP returns a redirect to '/users/routeafterlogin'.
for resp in post_to_login_page.history: if '/users/routeafterlogin' in redirect_location:
if resp.url == auth_host + '/users/routeafterlogin': return True
return True
return None return None
@ -191,8 +191,10 @@ def login():
login_user(user) login_user(user)
return redirect(url_for('index')) return redirect(url_for('index'))
return redirect(url_for('login')) return redirect(url_for('login', auth_error=True))
return render_template('login.html', title='Login', form=form) else:
auth_error = request.args.get('auth_error', False)
return render_template('login.html', title='Login', form=form, authError=auth_error)