fix: only allow redirects to /admin sub-routes

This commit is contained in:
Alessio Gravili
2023-08-13 16:25:14 +02:00
parent 52de1f6ab0
commit c0f05a1c38
3 changed files with 15 additions and 4 deletions


@@ -315,7 +315,7 @@ const Routes: React.FC = () => {
<Unauthorized />
)}
</Fragment>
) : <Redirect to={`${match.url}/login?redirect=${encodeURIComponent(window.location.pathname)}`} />}
) : <Redirect to={`${match.url}/login${window.location.pathname.startsWith(routes.admin) ? `?redirect=${encodeURIComponent(window.location.pathname.replace(routes.admin, ''))}` : ''}`} />}
</Route>
<Route path={`${match.url}*`}>
<NotFound />
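Review bot: The new guard on the Redirect line uses `startsWith(routes.admin)`, which also accepts paths that merely share the prefix (constructed example: `/adminfoo` when `routes.admin` is `/admin`) and then emits a redirect value without a leading slash, while the commit title intends sub-routes only. A boundary-aware test, `const p = window.location.pathname; const isAdminPath = p === routes.admin || p.startsWith(`${routes.admin}/`);`, used in place of the `startsWith` call, closes that gap. The same prefix test is repeated in both AuthProvider hunks of this commit. The Routes component starts and ends outside the hunk.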


@@ -64,7 +64,12 @@ export const AuthProvider: React.FC<{ children: React.ReactNode }> = ({ children
setUser(json.user);
} else {
setUser(null);
push(`${admin}${logoutInactivityRoute}?redirect=${encodeURIComponent(window.location.pathname)}`);
if (window.location.pathname.startsWith(admin)) {
const redirectParam = `?redirect=${encodeURIComponent(window.location.pathname.replace(admin, ''))}`;
push(`${admin}${logoutInactivityRoute}${redirectParam}`);
} else {
push(`${admin}${logoutInactivityRoute}`);
}
}
} catch (e) {
toast.error(e.message);
@@ -220,7 +225,12 @@ export const AuthProvider: React.FC<{ children: React.ReactNode }> = ({ children
if (remainingTime > 0) {
forceLogOut = setTimeout(() => {
setUser(null);
push(`${admin}${logoutInactivityRoute}?redirect=${encodeURIComponent(window.location.pathname)}`);
if (window.location.pathname.startsWith(admin)) {
const redirectParam = `?redirect=${encodeURIComponent(window.location.pathname.replace(admin, ''))}`;
push(`${admin}${logoutInactivityRoute}${redirectParam}`);
} else {
push(`${admin}${logoutInactivityRoute}`);
}
closeAllModals();
}, Math.min(remainingTime * 1000, maxTimeoutTime));
}
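Review bot: The six-line redirect block added in the first hunk is repeated verbatim in the second hunk of this file (`@@ -220`), and the Routes hunk carries the same expression inline; a small helper would give the prefix check a single home, which matters because the `startsWith(admin)` test here also matches sibling paths that only share the prefix rather than admin sub-routes. The fence shows such a helper and the one-line call that replaces each duplicated block; `.slice(admin.length)` stands in for `.replace(admin, '')`, which is equivalent once the prefix has been confirmed. Both enclosing callbacks (the fetch handler and the inactivity timeout) start and end outside their hunks.
```typescript
// Builds the `?redirect=` query string that returns the user to the current
// page after logout; empty when the current path is not under the admin route.
const buildRedirectParam = (adminRoute: string): string => {
  const { pathname } = window.location;
  if (pathname !== adminRoute && !pathname.startsWith(`${adminRoute}/`)) return '';
  return `?redirect=${encodeURIComponent(pathname.slice(adminRoute.length))}`;
};
// … unchanged: setUser(null) …
push(`${admin}${logoutInactivityRoute}${buildRedirectParam(admin)}`);
```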


@@ -51,7 +51,8 @@ const Login: React.FC = () => {
if (data.token) {
setToken(data.token);
history.push(redirect || admin);
// Ensure the redirect always starts with the admin route, and concatenate the redirect path
history.push(admin + (redirect || ''));
}
};
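Review bot: `admin + (redirect || '')` on the last changed line assumes `redirect` is a path fragment beginning with `/`; its origin is outside the hunk, but if it is read from the query string a caller-supplied `redirect=foo` is glued into `/adminfoo`, and a value containing `..` segments may be normalised out of the admin subtree when the path is pushed, since the browser resolves dot segments. Prefixing with `admin` does keep the navigation same-origin, which is the open-redirect fix this commit is after; validating the fragment as well, `const safeRedirect = typeof redirect === 'string' && redirect.startsWith('/') && !redirect.split('/').includes('..') ? redirect : '';` followed by `history.push(admin + safeRedirect);`, also keeps it under `admin` as the comment above promises. The surrounding submit handler starts outside the hunk.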