Adjust the redirect URI precedence in cookie auth
This commit is contained in:
parent
1ef62a40b3
commit
97afe4acc8
|
|
@ -315,20 +315,23 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
if (shouldRedirectToReturnUrl && Response.StatusCode == 200)
|
if (shouldRedirectToReturnUrl && Response.StatusCode == 200)
|
||||||
{
|
{
|
||||||
CookieRedirectContext redirectContext = null;
|
CookieRedirectContext redirectContext = null;
|
||||||
|
|
||||||
var query = Request.Query;
|
// set redirect uri in order:
|
||||||
var redirectUri = query[Options.ReturnUrlParameter];
|
// 1. properties.RedirectUri
|
||||||
if (!StringValues.IsNullOrEmpty(redirectUri) && IsHostRelative(redirectUri))
|
// 2. query parameter ReturnUrlParameter
|
||||||
|
var redirectUri = properties.RedirectUri;
|
||||||
|
if (string.IsNullOrEmpty(redirectUri) || !IsHostRelative(redirectUri))
|
||||||
{
|
{
|
||||||
redirectContext = new CookieRedirectContext(Context, Options, redirectUri, properties);
|
redirectUri = Request.Query[Options.ReturnUrlParameter];
|
||||||
}
|
if (string.IsNullOrEmpty(redirectUri) || !IsHostRelative(redirectUri))
|
||||||
else if (!string.IsNullOrEmpty(properties.RedirectUri) && IsHostRelative(properties.RedirectUri))
|
{
|
||||||
{
|
redirectUri = null;
|
||||||
redirectContext = new CookieRedirectContext(Context, Options, properties.RedirectUri, properties);
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (redirectContext != null)
|
if (redirectUri != null)
|
||||||
{
|
{
|
||||||
|
redirectContext = new CookieRedirectContext(Context, Options, redirectUri, properties);
|
||||||
await Options.Events.RedirectToReturnUrl(redirectContext);
|
await Options.Events.RedirectToReturnUrl(redirectContext);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1074,6 +1074,29 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
Assert.Equal("/redirect_test", transaction.Response.Headers.Location.ToString());
|
Assert.Equal("/redirect_test", transaction.Response.Headers.Location.ToString());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public async Task RedirectUriInQueryIsHoneredAfterSignin()
|
||||||
|
{
|
||||||
|
var options = new CookieAuthenticationOptions
|
||||||
|
{
|
||||||
|
LoginPath = "/testpath",
|
||||||
|
ReturnUrlParameter = "return",
|
||||||
|
CookieName = "TestCookie"
|
||||||
|
};
|
||||||
|
|
||||||
|
var server = CreateServer(options, async context =>
|
||||||
|
{
|
||||||
|
await context.Authentication.SignInAsync(
|
||||||
|
CookieAuthenticationDefaults.AuthenticationScheme,
|
||||||
|
new ClaimsPrincipal(new ClaimsIdentity(new GenericIdentity("Alice", CookieAuthenticationDefaults.AuthenticationScheme))));
|
||||||
|
});
|
||||||
|
var transaction = await SendAsync(server, "http://example.com/testpath?return=%2Fret_path_2");
|
||||||
|
|
||||||
|
Assert.NotEmpty(transaction.SetCookie);
|
||||||
|
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
|
||||||
|
Assert.Equal("/ret_path_2", transaction.Response.Headers.Location.ToString());
|
||||||
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
public async Task EnsurePrecedenceOfRedirectUriAfterSignin()
|
public async Task EnsurePrecedenceOfRedirectUriAfterSignin()
|
||||||
{
|
{
|
||||||
|
|
@ -1095,7 +1118,7 @@ namespace Microsoft.AspNetCore.Authentication.Cookies
|
||||||
|
|
||||||
Assert.NotEmpty(transaction.SetCookie);
|
Assert.NotEmpty(transaction.SetCookie);
|
||||||
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
|
Assert.Equal(HttpStatusCode.Redirect, transaction.Response.StatusCode);
|
||||||
Assert.Equal("/ret_path_2", transaction.Response.Headers.Location.ToString());
|
Assert.Equal("/redirect_test", transaction.Response.Headers.Location.ToString());
|
||||||
}
|
}
|
||||||
|
|
||||||
[Fact]
|
[Fact]
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue