<% end %>
<% if current_user %>
- <div class="alert alert-warning">
- <%= t ".already_logged_in_html", :user => tag.strong(current_user.display_name) %>
+ <div class="alert alert-warning pb-0">
+ <p>
+ <%= t ".already_logged_in_html", :user => tag.strong(current_user.display_name) %>
+ </p>
+ <% if @safe_referer %>
+ <p>
+ <%= t ".access_another_page" %>
+ </p>
+ <p class="text-center">
+ <%= link_to t(".visit_referring_page"), @safe_referer, :class => "btn btn-warning" %>
+ </p>
+ <% end %>
</div>
<% end %>
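Review bot: The new `link_to t(".visit_referring_page"), @safe_referer` writes `@safe_referer` straight into an `href`, and nothing in this template documents what makes that value safe. `link_to` HTML-escapes the attribute but does not restrict the URL's scheme or host, so the protection against an open redirect presumably lives wherever the controller sets `@safe_referer`, which is not visible in this hunk. I would state that contract next to the use, for example `<%# @safe_referer is set by the controller only for a validated same-site path; never substitute params[:referer] here %>`. The hunk may begin before the first visible line, so an existing comment higher up in the template could already cover this.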
tab_title: "Log In"
login_to_authorize_html: "Log in to OpenStreetMap to access %{client_app_name}."
already_logged_in_html: "You are already logged in as %{user}. Logging in again will change your current account."
+ access_another_page: "You arrived here while trying to access another page. If you want to access that page using your current account, click the button below:"
+ visit_referring_page: "Visit referring page"
email or username: "Email Address or Username"
password: "Password"
remember: "Remember me"
assert_button "First User"
within_content_body do
assert_text "logged in as First User"
+ assert_no_link "Visit referring page"
end
fill_in "username", :with => user2.email
assert_button "Second User"
end
+ test "Warn on login page when already logged in with referer link" do
+ user1 = create(:user, :display_name => "First User")
+ sign_in_as(user1)
+
+ visit login_path(:referer => about_path)
+
+ assert_button "First User"
+ within_content_body do
+ assert_text "logged in as First User"
+ assert_link "Visit referring page"
+
+ click_on "Visit referring page"
+ end
+
+ assert_current_path about_path
+ end
+
+ test "Only show safe referer links inside warnings" do
+ user1 = create(:user, :display_name => "First User")
+ sign_in_as(user1)
+
+ visit login_path(:referer => "https://example.com/")
+
+ assert_button "First User"
+ within_content_body do
+ assert_text "logged in as First User"
+ assert_no_link "Visit referring page"
+ end
+ end
+
test "Show OpenID form when OpenID provider button is clicked" do
visit login_path
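Review bot: The new test "Only show safe referer links inside warnings" pins only one rejected shape, an absolute `https://example.com/` referer, so a later change to the referer filtering could let other off-site forms through without failing a test. I would repeat the same assertions for a protocol-relative value and for a non-HTTP scheme, e.g. `visit login_path(:referer => "//example.com/")` followed by `assert_no_link "Visit referring page"` inside `within_content_body`. The filtering itself is not in this diff, so whether those forms are already rejected cannot be confirmed from here; the tests would record it either way. The trailing "Show OpenID form" test is context only, and its body continues outside the hunk.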