Merge pull request fangli#17 from qwrrty/master

Prevent open-redirect vulnerabilities in the login flow
lamhuber · Mar 31, 2017 · 7ca98f1 · 7ca98f1
2 parents eed954d + 3f1beaf
commit 7ca98f1
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 1 deletion.
diff --git a/AUTHORS.rst b/AUTHORS.rst
@@ -21,4 +21,5 @@ Contributors
 
 - `jacobh <https://github.com/jacobh>`_
 - `Gene Wood <http://github.com/gene1wood/>`_
-- `Terry <https://github.com/tpeng>`_
+- `Terry <https://github.com/tpeng>`_
+- `Tim Pierce <https://github.com/qwrrty/>` (Adobe Systems)
diff --git a/django_saml2_auth/views.py b/django_saml2_auth/views.py
@@ -20,6 +20,7 @@
 from django.views.decorators.csrf import csrf_exempt
 from django.template import TemplateDoesNotExist
 from django.http import HttpResponseRedirect
+from django.utils.http import is_safe_url
 
 try:
     import urllib2 as _urllib
@@ -183,6 +184,10 @@ def signin(r):
     except:
         next_url = r.GET.get('next', get_reverse('admin:index'))
 
+    # Only permit signin requests where the next_url is a safe URL
+    if not is_safe_url(next_url):
+        return HttpResponseRedirect(get_reverse([denied, 'denied', 'django_saml2_auth:denied']))
+
     r.session['login_next_url'] = next_url
 
     saml_client = _get_saml_client(get_current_domain(r))