From f9c4c411b863779d5e6fe2d44bb366febc3b50af Mon Sep 17 00:00:00 2001 From: Dan Gowans Date: Wed, 28 Sep 2022 15:42:21 -0400 Subject: [PATCH] support redirecting to print outs --- app.js | 2 +- app.ts | 2 +- helpers/functions.authentication.js | 14 ++++++++------ helpers/functions.authentication.ts | 15 +++++++++------ 4 files changed, 19 insertions(+), 14 deletions(-) diff --git a/app.js b/app.js index 33654090..99cbe7b7 100644 --- a/app.js +++ b/app.js @@ -97,7 +97,7 @@ const sessionChecker = (request, response, next) => { return next(); } const redirectUrl = getSafeRedirectURL(request.originalUrl); - return response.redirect(`${urlPrefix}/login?redirect=${redirectUrl}`); + return response.redirect(`${urlPrefix}/login?redirect=${encodeURIComponent(redirectUrl)}`); }; app.use((request, response, next) => { response.locals.buildNumber = version; diff --git a/app.ts b/app.ts index 35a57da6..e1e254e8 100644 --- a/app.ts +++ b/app.ts @@ -180,7 +180,7 @@ const sessionChecker = ( const redirectUrl = getSafeRedirectURL(request.originalUrl); - return response.redirect(`${urlPrefix}/login?redirect=${redirectUrl}`); + return response.redirect(`${urlPrefix}/login?redirect=${encodeURIComponent(redirectUrl)}`); }; /* diff --git a/helpers/functions.authentication.js b/helpers/functions.authentication.js index 713c92a4..3841bae6 100644 --- a/helpers/functions.authentication.js +++ b/helpers/functions.authentication.js 
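Review bot: The encoded `redirect` value built in `sessionChecker` (app.js, and the identical line in app.ts) is only as safe as the code that consumes it. The login handler is outside this diff, so confirm that it passes the decoded parameter through `getSafeRedirectURL` again before redirecting, because the query string is user-editable. The encoding is needed because `request.originalUrl` includes the query string and the print paths accepted elsewhere in this commit may contain `?` and `=`; a comment on the line would record that, e.g. `// encode: allowed print URLs can carry their own query string`. `sessionChecker` begins above both hunks.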
@@ -46,12 +46,14 @@ export const getSafeRedirectURL = (possibleRedirectURL = "") => {
 if (typeof possibleRedirectURL === "string") {
 const urlToCheck = (possibleRedirectURL.startsWith(urlPrefix)
 ? possibleRedirectURL.slice(urlPrefix.length)
- : possibleRedirectURL).toLowerCase();
- if (safeRedirects.has(urlToCheck) ||
- /^(\/maps\/)\d+(\/edit)?$/.test(urlToCheck) ||
- /^(\/lots\/)\d+(\/edit)?$/.test(urlToCheck) ||
- /^(\/lotoccupancies\/)\d+(\/edit)?$/.test(urlToCheck) ||
- /^(\/workorders\/)\d+(\/edit)?$/.test(urlToCheck)) {
+ : possibleRedirectURL);
+ const urlToCheckLowerCase = urlToCheck.toLowerCase();
+ if (safeRedirects.has(urlToCheckLowerCase) ||
+ /^(\/maps\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
+ /^(\/lots\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
+ /^(\/lotoccupancies\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
+ /^(\/workorders\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) ||
+ /^\/print\/(pdf|screen)\/[\d/=?A-Za-z-]+$/.test(urlToCheck)) {
 return urlPrefix + urlToCheck;
 }
 }
diff --git a/helpers/functions.authentication.ts b/helpers/functions.authentication.ts
index ee1136c7..1ab1e698 100644
--- a/helpers/functions.authentication.ts
+++ b/helpers/functions.authentication.ts
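Review bot: In helpers/functions.authentication.js (and the matching .ts hunk), `return urlPrefix + urlToCheck;` now returns the caller's original casing for every branch, not only the new print one, because `.toLowerCase()` moved into `urlToCheckLowerCase`. If anything relied on the lower-cased result for the maps, lots or work order branches, this is a silent behaviour change worth a test or a comment. The print class `[\d/=?A-Za-z-]+` stays same-origin, since it is anchored under `/print/` and excludes `.`, `%`, `\` and `:`, but it accepts `/`, `?` and `=` in any order and number. If print URLs are path segments plus at most one query string (the route is not visible here), a stricter form such as `/^\/print\/(?:pdf|screen)\/[\dA-Za-z-]+(?:\/[\dA-Za-z-]+)*(?:\?[\d=A-Za-z-]+)?$/` states the intent. I would also add `// print paths are matched against the original casing; all other patterns are case-insensitive` above the new test; `getSafeRedirectURL` starts and ends outside the hunk.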
@@ -69,14 +69,17 @@ export const getSafeRedirectURL = (possibleRedirectURL = "") => { possibleRedirectURL.startsWith(urlPrefix) ? possibleRedirectURL.slice(urlPrefix.length) : possibleRedirectURL - ).toLowerCase(); + ); + + const urlToCheckLowerCase = urlToCheck.toLowerCase(); if ( - safeRedirects.has(urlToCheck) || - /^(\/maps\/)\d+(\/edit)?$/.test(urlToCheck) || - /^(\/lots\/)\d+(\/edit)?$/.test(urlToCheck) || - /^(\/lotoccupancies\/)\d+(\/edit)?$/.test(urlToCheck) || - /^(\/workorders\/)\d+(\/edit)?$/.test(urlToCheck) + safeRedirects.has(urlToCheckLowerCase) || + /^(\/maps\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) || + /^(\/lots\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) || + /^(\/lotoccupancies\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) || + /^(\/workorders\/)\d+(\/edit)?$/.test(urlToCheckLowerCase) || + /^\/print\/(pdf|screen)\/[\d/=?A-Za-z-]+$/.test(urlToCheck) ) { return urlPrefix + urlToCheck; }