forked from rDrama/rDrama
fix redirect getting wiped on login fail
parent
d84b3220c3
commit
8b07f314e8
|
@ -60,16 +60,18 @@ def login_post(v:Optional[User]):
|
||||||
except: abort(400, "Multiple usernames have this email attached;<br>Please specify the username you want to login to!")
|
except: abort(400, "Multiple usernames have this email attached;<br>Please specify the username you want to login to!")
|
||||||
else: account = get_user(username, graceful=True)
|
else: account = get_user(username, graceful=True)
|
||||||
|
|
||||||
|
redir = request.values.get("redirect", "").strip().rstrip('?').lower()
|
||||||
|
|
||||||
if not account:
|
if not account:
|
||||||
time.sleep(random.uniform(0, 2))
|
time.sleep(random.uniform(0, 2))
|
||||||
return render_template("login/login.html", failed=True), 401
|
return render_template("login/login.html", failed=True, redirect=redir), 401
|
||||||
|
|
||||||
|
|
||||||
if request.values.get("password"):
|
if request.values.get("password"):
|
||||||
if not account.verifyPass(request.values.get("password")):
|
if not account.verifyPass(request.values.get("password")):
|
||||||
log_failed_admin_login_attempt(account, "password")
|
log_failed_admin_login_attempt(account, "password")
|
||||||
time.sleep(random.uniform(0, 2))
|
time.sleep(random.uniform(0, 2))
|
||||||
return render_template("login/login.html", failed=True), 401
|
return render_template("login/login.html", failed=True, redirect=redir), 401
|
||||||
|
|
||||||
if account.mfa_secret or session.get("GLOBAL"):
|
if account.mfa_secret or session.get("GLOBAL"):
|
||||||
now = int(time.time())
|
now = int(time.time())
|
||||||
|
@ -102,6 +104,7 @@ def login_post(v:Optional[User]):
|
||||||
time=now,
|
time=now,
|
||||||
hash=hash,
|
hash=hash,
|
||||||
failed=True,
|
failed=True,
|
||||||
|
redirect=redir,
|
||||||
), 401
|
), 401
|
||||||
else:
|
else:
|
||||||
abort(400)
|
abort(400)
|
||||||
|
@ -109,7 +112,6 @@ def login_post(v:Optional[User]):
|
||||||
g.login_failed = False
|
g.login_failed = False
|
||||||
on_login(account)
|
on_login(account)
|
||||||
|
|
||||||
redir = request.values.get("redirect", "").strip().rstrip('?').lower()
|
|
||||||
if redir and is_site_url(redir) and redir not in NO_LOGIN_REDIRECT_URLS:
|
if redir and is_site_url(redir) and redir not in NO_LOGIN_REDIRECT_URLS:
|
||||||
return redirect(redir)
|
return redirect(redir)
|
||||||
return redirect('/')
|
return redirect('/')
|
||||||
|
|
Loading…
Reference in New Issue