auth: fix open redirect bug on non-2FA login Thanks to Dag Vikan for pointing this out.
1 files changed, 1 insertions(+), 0 deletions(-) M metasrht/blueprints/auth.py
M metasrht/blueprints/auth.py => metasrht/blueprints/auth.py +1 -0
@@ 275,6 275,7 @@ def login_POST(): print(f"Logged in account: {user.username} ({user.email})") db.session.commit() metrics.meta_logins_success.inc() + return_to = validate_return_url(return_to) return redirect(return_to) @auth.route("/login/challenge/totp")