~sircmpwn/meta.sr.ht

2b353de12ced829216c145e7fd4d95319457e12a — Drew DeVault 3 months ago b1deacf 0.56.18
auth: fix open redirect bug on non-2FA login

Thanks to Dag Vikan for pointing this out.
1 files changed, 1 insertions(+), 0 deletions(-)

M metasrht/blueprints/auth.py
M metasrht/blueprints/auth.py => metasrht/blueprints/auth.py +1 -0
@@ 275,6 275,7 @@ def login_POST():
    print(f"Logged in account: {user.username} ({user.email})")
    db.session.commit()
    metrics.meta_logins_success.inc()
    return_to = validate_return_url(return_to)
    return redirect(return_to)

@auth.route("/login/challenge/totp")
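Review bot: The `validate_return_url(return_to)` call sits only in front of this one `redirect(return_to)`, so any other path in `login_POST` that redirects with `return_to`, or stores it, would still carry the unvalidated value. The function begins above the hunk, so this cannot be confirmed from here. Validating once where the parameter is first read would cover every exit path instead of relying on each branch to remember it. A short comment such as `# return_to comes from the request; only redirect to what validate_return_url accepts` would keep the line from being dropped in a later refactor. The commit changes a single file and adds no regression test; a test that logs in without 2FA using an off-site `return_to` and asserts the redirect stays on-site would pin the fix.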