Don't redirect to images, icons, etc, in login workflow

2024-11-07 20:31:06 -05:00 · 2017-05-12 15:46:16 +01:00 · 2017-05-12 15:46:16 +01:00 · 0e26222551
commit 0e26222551
parent d550ede112
2 changed files with 13 additions and 1 deletions
--- a/services/web/app/coffee/Features/Authentication/AuthenticationController.coffee
+++ b/services/web/app/coffee/Features/Authentication/AuthenticationController.coffee
@ -196,7 +196,11 @@ module.exports = AuthenticationController =
 	_setRedirectInSession: (req, value) ->
 		if !value?
 			value = if Object.keys(req.query).length > 0 then "#{req.path}?#{querystring.stringify(req.query)}" else "#{req.path}"
-		if req.session? && !value.match(new RegExp('^\/(socket.io|js|stylesheets|img)\/.*$'))
+		if (
+			req.session? &&
+			!value.match(new RegExp('^\/(socket.io|js|stylesheets|img)\/.*$')) &&
+			!value.match(new RegExp('^.*\.(png|jpeg|svg)$'))
+		)
 			req.session.postLoginRedirect = value

 	_getRedirectFromSession: (req) ->
--- a/services/web/test/UnitTests/coffee/Authentication/AuthenticationControllerTests.coffee
+++ b/services/web/test/UnitTests/coffee/Authentication/AuthenticationControllerTests.coffee
@ -555,6 +555,14 @@ describe "AuthenticationController", ->
 			@AuthenticationController._setRedirectInSession(@req, '/somewhere/specific')
 			expect(@req.session.postLoginRedirect).to.equal "/somewhere/specific"

+		describe 'with a png', ->
+			beforeEach ->
+				@req = {session: {}}
+
+			it 'should not set the redirect', ->
+				@AuthenticationController._setRedirectInSession(@req, '/something.png')
+				expect(@req.session.postLoginRedirect).to.equal undefined
+
 		describe 'with a js path', ->

 			beforeEach ->