fix: redirection after password reset

2023-12-15 16:12:33 +01:00 · 2023-12-15 16:12:33 +01:00 · 7fed235437
commit 7fed235437
parent 67733699aa
3 changed files with 7 additions and 3 deletions
--- a/CHANGES.rst
+++ b/CHANGES.rst
@ -8,6 +8,7 @@ Fixed

 - Crash when no ACL were defined
 - OIDC Userinfo endpoint is also available in POST
+- Fix redirection after password reset :issue:`159`

 [0.0.38] - 2023-12-15
 =====================
--- a/canaille/core/auth.py
+++ b/canaille/core/auth.py
@ -214,9 +214,11 @@ def reset(user, hash):
        login_user(user)

        flash(_("Your password has been updated successfully"), "success")
-        return session.pop(
+        return redirect(
+            session.pop(
                "redirect-after-login",
                url_for("core.account.profile_edition", edited_user=user),
            )
+        )

    return render_template("reset-password.html", form=form, user=user, hash=hash)
--- a/tests/core/test_password_reset.py
+++ b/tests/core/test_password_reset.py
@ -11,6 +11,7 @@ def test_password_reset(testclient, user):
    res.form["confirmation"] = "foobarbaz"
    res = res.form.submit()
    assert ("success", "Your password has been updated successfully") in res.flashes
+    assert res.location == "/profile/user"

    user.reload()
    assert user.check_password("foobarbaz")[0]