barbercollie/tinyauth
1
0
Fork 1
mirror of https://github.com/steveiliop56/tinyauth.git synced 2025-10-28 12:45:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: correctly redirect to app and check for untrusted redirects

Browse Source
This commit is contained in:
Stavros
2025-05-14 20:56:24 +03:00
parent ada21776bc
commit 60093997dc
4 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
frontend/src/pages/continue-page.tsx
View File

@@ -42,7 +42,7 @@ export const ContinuePage = () => {
const url = new URL(redirectURI);
if (!(url.hostname == domain) || !url.hostname.endsWith(`.${domain}`)) {
if (!(url.hostname == domain) && !url.hostname.endsWith(`.${domain}`)) {
return (
<Card className="min-w-xs sm:min-w-sm">
<CardHeader>

5
frontend/src/pages/login-page.tsx
View File

@@ -43,7 +43,10 @@ export const LoginPage = () => {
const isMounted = useIsMounted();
const oauthMutation = useMutation({
mutationFn: (provider: string) => axios.get(`/api/oauth/url/${provider}`),
mutationFn: (provider: string) =>
axios.get(
`/api/oauth/url/${provider}?redirect_uri=${encodeURIComponent(redirectUri ?? "")}`,
),
mutationKey: ["oauth"],
onSuccess: (data) => {
toast.info(t("loginOauthSuccessTitle"), {

4
frontend/src/pages/logout-page.tsx
View File

@@ -16,7 +16,7 @@ import { Navigate } from "react-router";
import { toast } from "sonner";
export const LogoutPage = () => {
const { provider, username, isLoggedIn } = useUserContext();
const { provider, username, isLoggedIn, email } = useUserContext();
const { genericName } = useAppContext();
const { t } = useTranslation();
@@ -56,7 +56,7 @@ export const LogoutPage = () => {
code: <code />,
}}
values={{
username: username,
username: email,
provider:
provider === "generic" ? genericName : capitalize(provider),
}}

4
frontend/src/schemas/user-context-schema.ts
View File

@@ -3,8 +3,8 @@ import { z } from "zod";
export const userContextSchema = z.object({
isLoggedIn: z.boolean(),
username: z.string(),
// name: z.string(), not yet implemented
// email: z.string(),
name: z.string(),
email: z.string(),
provider: z.string(),
oauth: z.boolean(),
totpPending: z.boolean(),