Dashboard: Fixes kiosk state after being redirected to login page and back (#29273)

* Login: Fixes issue where url parameters where modified by golang url code * Add tests * Fix test cases * Update pkg/middleware/auth_test.go Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com> * fixed formatting Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com> Co-authored-by: Sofia Papagiannaki <papagian@users.noreply.github.com>
2025-08-01 09:12:56 +08:00 · 2020-11-20 19:30:37 +01:00
parent 702cb90846
commit 1076f47509
2 changed files with 32 additions and 9 deletions
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@ -2,6 +2,7 @@ package middleware

 import (
 	"net/url"
+	"regexp"
 	"strconv"
 	"strings"

@ -53,18 +54,19 @@ func notAuthorized(c *models.ReqContext) {
 		redirectTo = setting.AppSubUrl + c.Req.RequestURI
 	}

-	// remove forceLogin query param if it exists
-	if parsed, err := url.ParseRequestURI(redirectTo); err == nil {
-		params := parsed.Query()
-		params.Del("forceLogin")
-		parsed.RawQuery = params.Encode()
-		WriteCookie(c.Resp, "redirect_to", url.QueryEscape(parsed.String()), 0, newCookieOptions)
-	} else {
-		c.Logger.Debug("Failed parsing request URI; redirect cookie will not be set", "redirectTo", redirectTo, "error", err)
-	}
+	// remove any forceLogin=true params
+	redirectTo = removeForceLoginParams(redirectTo)
+
+	WriteCookie(c.Resp, "redirect_to", url.QueryEscape(redirectTo), 0, newCookieOptions)
 	c.Redirect(setting.AppSubUrl + "/login")
 }

+var forceLoginParamsRegexp = regexp.MustCompile(`&?forceLogin=true`)
+
+func removeForceLoginParams(str string) string {
+	return forceLoginParamsRegexp.ReplaceAllString(str, "")
+}
+
 func EnsureEditorOrViewerCanEdit(c *models.ReqContext) {
 	if !c.SignedInUser.HasRole(models.ROLE_EDITOR) && !setting.ViewersCanEdit {
 		accessForbidden(c)