fix: Logging in redirects to the right page. (#201)

* fix: Logging in redirects to the right page.

Author: yammesicka

lms/lmsweb/views.py

@@ -96,21 +96,28 @@ def is_safe_url(target):
     )
 
 
+def get_next_url(url_next_param: Optional[str]):
+    next_url = url_next_param if url_next_param else None
+    if not is_safe_url(next_url):
+        return fail(400, "The URL isn't safe.")
+    return redirect(next_url or url_for('main'))
+
+
 @webapp.route('/login', methods=['GET', 'POST'])
 def login():
     if current_user.is_authenticated:
-        return redirect(url_for('main'))
+        return get_next_url(request.args.get('next'))
 
     username = request.form.get('username')
     password = request.form.get('password')
+    next_page = request.form.get('next')
     user = User.get_or_none(username=username)
 
     if user is not None and user.is_password_valid(password):
         login_user(user)
-        next_url = request.args.get('next_url')
-        if not is_safe_url(next_url):
-            return fail(400, "The URL isn't safe.")
-        return redirect(next_url or url_for('main'))
+        return get_next_url(next_page)
+    elif user is not None:
+        return redirect(url_for('login', **{'next': next_page}))
 
     return render_template('login.html')
 

lms/templates/login.html

@@ -20,6 +20,9 @@ <h1 id="main-title" class="h3 font-weight-normal">{{ _('התחברות') }}</h1>
                 <div class="form-group">
                     <input class="form-control form-control-lg" type="hidden" name="csrf_token" id="csrf_token" value="{{ csrf_token() }}" required>
                 </div>
+                <div class="form-group">
+                  <input class="form-control form-control-lg" type="hidden" name="next" id="next" value="{{ request.args.get('next', '') }}">
+                </div>
                 <button class="btn btn-primary btn-lg btn-block">{{ _('התחבר') }}</button>
             </form>
         </div>