From b9fd5d1fd532bdc0acd271d5137251fea3f87282 Mon Sep 17 00:00:00 2001
From: kumojima
Date: Wed, 4 Dec 2024 00:08:25 +0900
Subject: Enable redirect to back_url including port after login
---
 app/controllers/application_controller.rb | 2 +-
 test/functional/account_controller_test.rb | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 111c85bc5..337114976 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -505,7 +505,7 @@ class ApplicationController < ActionController::Base
 begin
 uri = Addressable::URI.parse(back_url)
- [:scheme, :host, :port].each do |component|
+ [:scheme, :port, :host].each do |component|
 if uri.send(component).present? && uri.send(component) != request.send(component)
 return false
 end
diff --git a/test/functional/account_controller_test.rb b/test/functional/account_controller_test.rb
index 083b2bafd..63e640da0 100644
--- a/test/functional/account_controller_test.rb
+++ b/test/functional/account_controller_test.rb
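Review bot: The reorder from `[:scheme, :host, :port]` to `[:scheme, :port, :host]` is the entire fix, but the loop body compares each component independently and returns false on any mismatch, so nothing in these lines explains why the order changes the outcome. If it does, that presumably comes from a side effect of `request.send(component)` or `uri.send(component)` that is not visible in the hunk. Because this loop is what keeps a post-login back_url on the same origin, the ordering constraint should be recorded next to the list, e.g. `# :port must be checked before :host because <reason>`, so a later cleanup does not reorder it and quietly change which URLs are accepted. The enclosing method starts and ends outside the hunk.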
@@ -660,4 +660,20 @@ class AccountControllerTest < Redmine::ControllerTest
 end
 end
 end
+
+ def test_validate_back_url
+ request.host = 'example.com'
+
+ assert_equal '/admin', @controller.send(:validate_back_url, 'http://example.com/admin')
+ assert_equal '/issues?query_id=1#top', @controller.send(:validate_back_url, 'http://example.com/issues?query_id=1#top')
+ assert_equal false, @controller.send(:validate_back_url, 'http://invalid.example.com/issues')
+ end
+
+ def test_validate_back_url_with_port
+ request.host = 'example.com:3000'
+
+ assert_equal '/admin', @controller.send(:validate_back_url, 'http://example.com:3000/admin')
+ assert_equal '/issues?query_id=1#top', @controller.send(:validate_back_url, 'http://example.com:3000/issues?query_id=1#top')
+ assert_equal false, @controller.send(:validate_back_url, 'http://invalid.example.com:3000/issues')
+ end
 end
-- 
2.34.1
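Review bot: Both new tests reject only a different host; neither covers a back_url whose host matches but whose port differs, which is the component this commit is about and part of what keeps the redirect same-origin. In `test_validate_back_url_with_port` I would add `assert_equal false, @controller.send(:validate_back_url, 'http://example.com:3001/issues')` (the port is a constructed sample), and a similar case with a mismatching scheme. The expected `false` follows from the component loop in the controller hunk; the rest of `validate_back_url` is not visible here, so confirm it against the full method.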