Merge pull request #127 from SmoFlaDru/dev-benno

Django 5 UUID column fix, lock file update, redirect logic after login
SmoFlaDru · Oct 30, 2024 · d527dc1 · d527dc1
2 parents 4dafbd9 + 424f41e
commit d527dc1
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 6 deletions.
diff --git a/frontend/passkeys.js b/frontend/passkeys.js
@@ -1,5 +1,10 @@
 import {startAuthentication, startRegistration} from '@simplewebauthn/browser'
 
+const isAllowedRedirectUrl = url => {
+    const regex = /^[A-Za-z0-9/]+$/;
+    return regex.test(str);
+}
+
 const sendToServerForVerificationAndLogin = async (response) => {
     try {
         console.log("sendToServerForVerificationAndLogin:", response);
@@ -15,7 +20,12 @@ const sendToServerForVerificationAndLogin = async (response) => {
         // Show UI appropriate for the `verified` status
         if (verificationJSON && verificationJSON.verified) {
             console.log("success")
-            window.location.href = '/profile';
+            const urlParams = new URLSearchParams(window.location.search);
+            let nextUrl = urlParams.get('next');
+            if (nextUrl === null || !isAllowedRedirectUrl(nextUrl)) {
+                nextUrl = '/profile';
+            }
+            window.location.href = nextUrl;
         } else {
             console.log("error", verificationJSON);
         }

diff --git a/spybot/migrations/0002_alter_loginlink_code.py b/spybot/migrations/0002_alter_loginlink_code.py
@@ -0,0 +1,20 @@
+# Generated by Django 4.2.15 on 2024-10-30 21:30
+
+from django.db import migrations
+import spybot.models
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('spybot', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='loginlink',
+            name='code',
+            field=spybot.models.Char32UUIDField(default=uuid.uuid4, editable=False, unique=True),
+        ),
+    ]
diff --git a/spybot/models.py b/spybot/models.py
@@ -195,9 +195,22 @@ class NewsEvent(DebuggableModel):
     date = models.DateTimeField(auto_now_add=True)
 
 
+# fix for Django 5 UUID column behavior change:
+# https://docs.djangoproject.com/en/5.0/releases/5.0/#migrating-existing-uuidfield-on-mariadb-10-7
+class Char32UUIDField(models.UUIDField):
+    def db_type(self, connection):
+        return "char(32)"
+
+    def get_db_prep_value(self, value, connection, prepared=False):
+        value = super().get_db_prep_value(value, connection, prepared)
+        if value is not None:
+            value = value.hex
+        return value
+
+
 class LoginLink(DebuggableModel):
     user = models.ForeignKey(MergedUser, models.CASCADE, blank=False, null=False, related_name="loginlinks")
-    code = models.UUIDField(default=uuid.uuid4, editable=False, unique=True)
+    code = Char32UUIDField(default=uuid.uuid4, editable=False, unique=True)
 
 
 class UserPasskey(models.Model):

diff --git a/uv.lock b/uv.lock