ekzyis/stacker.news
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

attempt to fix auth linking regression

Browse Source
This commit is contained in:
keyan 2023-07-10 12:18:17 -05:00
parent 34ba823bd4
commit 27833c9888
2 changed files with 5 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pages/login.js
View File

@ -7,15 +7,16 @@ import { isExternal } from '../lib/url'
export async function getServerSideProps ({ req, res, query: { callbackUrl, error = null } }) { export async function getServerSideProps ({ req, res, query: { callbackUrl, error = null } }) {
const session = await getSession({ req }) const session = await getSession({ req })
// assume external by default so we will use fallback callback // prevent open redirects. See https://github.com/stackernews/stacker.news/issues/264
let external = true // let undefined urls through without redirect ... otherwise this interferes with multiple auth linking
let external = callbackUrl !== undefined
try { try {
external = isExternal(decodeURIComponent(callbackUrl)) external = isExternal(decodeURIComponent(callbackUrl))
} catch (err) { } catch (err) {
console.error('error decoding callback:', callbackUrl, err) console.error('error decoding callback:', callbackUrl, err)
} }
if (external) { if (external) {
// This is a hotfix for open redirects. See https://github.com/stackernews/stacker.news/issues/264
callbackUrl = '/' callbackUrl = '/'
} }

35
pages/signup.js
View File

@ -1,40 +1,7 @@
import { providers, getSession } from 'next-auth/client'
import Link from 'next/link' import Link from 'next/link'
import LayoutStatic from '../components/layout-static' import LayoutStatic from '../components/layout-static'
import Login from '../components/login' import Login from '../components/login'
import { isExternal } from '../lib/url' export { getServerSideProps } from '../components/login'
export async function getServerSideProps ({ req, res, query: { callbackUrl, error = null } }) {
const session = await getSession({ req })
// assume external by default so we will use fallback callback
let external = true
try {
external = isExternal(decodeURIComponent(callbackUrl))
} catch (err) {
console.error('error decoding callback:', callbackUrl, err)
}
if (external) {
// This is a hotfix for open redirects. See https://github.com/stackernews/stacker.news/issues/264
callbackUrl = '/'
}
if (session && res && callbackUrl) {
res.writeHead(302, {
Location: callbackUrl
})
res.end()
return { props: {} }
}
return {
props: {
providers: await providers({ req, res }),
callbackUrl,
error
}
}
}
function SignUpHeader () { function SignUpHeader () {
return ( return (