From f21f16e3f2a150d9c72529ea0928edc44cd43c26 Mon Sep 17 00:00:00 2001
From: Son NK
Date: Mon, 8 Jul 2019 19:33:28 +0200
Subject: [PATCH] redirect user to next after login with github/google
---
 app/auth/templates/auth/login.html | 10 +++---
 app/auth/views/github.py | 20 ++++++++----
 app/auth/views/login.py | 52 +++++++++++++++---------------
 3 files changed, 45 insertions(+), 37 deletions(-)
diff --git a/app/auth/templates/auth/login.html b/app/auth/templates/auth/login.html
index 1728f0e8..095af574 100644
--- a/app/auth/templates/auth/login.html
+++ b/app/auth/templates/auth/login.html
@@ -75,17 +75,19 @@
Social sign in
- + Sign in with Github - + Sign in with Google +
- - + {% endblock %} \ No newline at end of file diff --git a/app/auth/views/github.py b/app/auth/views/github.py index 23031c7d..e4eea08f 100644 --- a/app/auth/views/github.py +++ b/app/auth/views/github.py @@ -9,22 +9,28 @@ from app.email_utils import notify_admin from app.extensions import db from app.log import LOG from app.models import User -from app.utils import random_string +from app.utils import random_string, encode_url -authorization_base_url = "https://github.com/login/oauth/authorize" -token_url = "https://github.com/login/oauth/access_token" +_authorization_base_url = "https://github.com/login/oauth/authorize" +_token_url = "https://github.com/login/oauth/access_token" # need to set explicitly redirect_uri instead of leaving the lib to pre-fill redirect_uri # when served behind nginx, the redirect_uri is localhost... and not the real url -redirect_uri = URL + "/auth/github/callback" +_redirect_uri = URL + "/auth/github/callback" @auth_bp.route("/github/login") def github_login(): + next_url = request.args.get("next") + if next_url: + redirect_uri = _redirect_uri + "?next=" + encode_url(next_url) + else: + redirect_uri = _redirect_uri + github = OAuth2Session( GITHUB_CLIENT_ID, scope=["user:email"], redirect_uri=redirect_uri ) - authorization_url, state = github.authorization_url(authorization_base_url) + authorization_url, state = github.authorization_url(_authorization_base_url) # State is used to prevent CSRF, keep this for later. session["oauth_state"] = state @@ -37,10 +43,10 @@ def github_callback(): GITHUB_CLIENT_ID, state=session["oauth_state"], scope=["user:email"], - redirect_uri=redirect_uri, + redirect_uri=_redirect_uri, ) token = github.fetch_token( - token_url, + _token_url, client_secret=GITHUB_CLIENT_SECRET, authorization_response=request.url, ) diff --git a/app/auth/views/login.py b/app/auth/views/login.py index aae1516d..cfd5ad3f 100644 --- a/app/auth/views/login.py +++ b/app/auth/views/login.py 
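Review bot: The token exchange in `github_callback` (second hunk of app/auth/views/github.py) still passes the bare `_redirect_uri`, while `github_login` (first hunk) now sends a `redirect_uri` with `?next=...` appended whenever `next` is present. RFC 6749 section 4.1.3 requires the token request's redirect_uri to be identical to the one used in the authorization request, so the exchange may be rejected, or only work because the provider is lenient, on exactly the path this commit adds. `next_url` is also read from the query string and forwarded without any check. Storing a validated value server-side next to the state, e.g. `session["next_url"] = next_url` beside `session["oauth_state"] = state`, keeps `redirect_uri` constant in both functions and avoids round-tripping a caller-controlled URL through the provider. Both function bodies continue outside the hunks, so how the callback consumes `next` is not visible here.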
@@ -20,36 +20,36 @@ def login(): return redirect(url_for("dashboard.index")) form = LoginForm(request.form) + next_url = request.args.get("next") + error = "" + show_resend_activation = False if form.validate_on_submit(): user = User.filter_by(email=form.email.data).first() if not user: - return render_template( - "auth/login.html", form=form, error="Email not exist in our system" - ) - - if not user.check_password(form.password.data): - return render_template("auth/login.html", form=form, error="Wrong password") - - if not user.activated: - return render_template( - "auth/login.html", - form=form, - show_resend_activation=True, - error="Please check your inbox for the activation email. You can also have this email re-sent", - ) - - LOG.debug("log user %s in", user) - login_user(user) - - # User comes to login page from another page - if "next" in request.args: - next_url = request.args.get("next") - LOG.debug("redirect user to %s", next_url) - return redirect(next_url) + error = "Email not exist in our system" + elif not user.check_password(form.password.data): + error = "Wrong password" + elif not user.activated: + show_resend_activation = True + error = "Please check your inbox for the activation email. You can also have this email re-sent" else: - LOG.debug("redirect user to dashboard") - return redirect(url_for("dashboard.index")) + LOG.debug("log user %s in", user) + login_user(user) - return render_template("auth/login.html", form=form) + # User comes to login page from another page + if next_url: + LOG.debug("redirect user to %s", next_url) + return redirect(next_url) + else: + LOG.debug("redirect user to dashboard") + return redirect(url_for("dashboard.index")) + + return render_template( + "auth/login.html", + form=form, + next_url=next_url, + show_resend_activation=show_resend_activation, + error=error, + )
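Review bot: `next_url` is taken straight from `request.args.get("next")` and handed to `redirect(next_url)` after a successful login, so an absolute URL in the query string is followed as-is; the rewrite keeps that behaviour and now also passes the value on to the template. Accept only local paths before it is used, for example `if next_url and not (next_url.startswith("/") and not next_url.startswith(("//", "/\\"))): next_url = None` directly after the `request.args.get` line. The same check is needed wherever the social-login callbacks consume `next`, which is outside this hunk. Separately, the distinct messages "Email not exist in our system" and "Wrong password" let a caller tell which addresses are registered; a single generic failure message would avoid that.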