calibre-web/cps/redirect.py
Jonathan Rehm 623f5c8ef0 Add "magic link" functionality
When using a device that is bothersome to log in on (e.g. a Kindle) you can use a magic link to log in via another device.

Configuration was added and is disabled by default.
2017-07-07 18:29:16 -07:00

25 lines
725 B
Python

# http://flask.pocoo.org/snippets/62/
from urlparse import urlparse, urljoin
from flask import request, url_for, redirect
def is_safe_url(target):
ref_url = urlparse(request.host_url)
test_url = urlparse(urljoin(request.host_url, target))
return test_url.scheme in ('http', 'https') and ref_url.netloc == test_url.netloc
def get_redirect_target():
for target in request.values.get('next'), request.referrer:
if not target:
continue
if is_safe_url(target):
return target
def redirect_back(endpoint, **values):
target = request.form['next']
if not target or not is_safe_url(target):
target = url_for(endpoint, **values)
return redirect(target)