~pelpsi/launchpad:avoid-open-redirect-attack-on-logout

Last commit made on 2023-03-29
Get this branch:
git clone -b avoid-open-redirect-attack-on-logout https://git.launchpad.net/~pelpsi/launchpad
Only Simone Pelosi can upload to this branch.

Branch information

Name: avoid-open-redirect-attack-on-logout
Repository: lp:~pelpsi/launchpad

Recent commits

60cf045... by Simone Pelosi

Added new test case to reproduce CookieLogout behaviour

Test case to make sure the CookieLogout's redirect works with the new constraints

Succeeded
[SUCCEEDED] docs:0 (build)
[SUCCEEDED] lint:0 (build)
[SUCCEEDED] mypy:0 (build)
891d2f4... by Simone Pelosi

Added openid_provider_root domain in the check

Required check since login.launchpad.net isn't in allvhosts.hostnames

Succeeded
[SUCCEEDED] docs:0 (build)
[SUCCEEDED] lint:0 (build)
[SUCCEEDED] mypy:0 (build)
ee667e1... by Simone Pelosi

Restricted user control on next_to redirect

A penetration test found that logout redirect is vulnerable to open redirect
attack. "next_to" url is now validated: if it belongs to our domains, the
user is redirected to that url, otherwise the user is redirected to
a default url (homepage).

Succeeded
[SUCCEEDED] docs:0 (build)
[SUCCEEDED] lint:0 (build)
[SUCCEEDED] mypy:0 (build)
610eeb7... by Simone Pelosi

TestOpenIDApplication does not fully implement ITestOpenIDApplication

Added test case to check the correct implementation of ITestOpenIDApplication and fixed TestOpenIDApplication class providing the attribute "title".

LP: #837229

Merged from https://code.launchpad.net/~pelpsi/launchpad/+git/launchpad/+merge/439260

cecb04a... by Simone Pelosi

Long translations hints do not wrap and cause the save and continue button to be offscreen

Added css rule white-space:pre-wrap to wrap long translation hints

LP: #1475300

Merged from https://code.launchpad.net/~pelpsi/launchpad/+git/launchpad/+merge/439273

41ac0a9... by Colin Watson

Fix search for specifications to which a person is subscribed

Merged from https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/439512

25b925a... by Colin Watson

Fix OpenPGP key rendering when logged out, better

Merged from https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/439513

36ded41... by Colin Watson

Fix OpenPGP key rendering when logged out, better

I mistyped `content=...` instead of `tal:content=...` in commit
1ff2add6307cb41f919f7c83a5d0bafc07518dc7, and there was a doctest to
update as well.

LP: #1996775

7de34b2... by Colin Watson

Fix search for specifications to which a person is subscribed

Commit 938ecc82608559c3523846bfd3b3e53c98eb4881 broke a couple of tests,
because `[Or()]` looks truthy as far as `search_specifications` is
concerned but we don't want to include it in a query.

7575082... by Colin Watson

Optimize Person.visible_specifications

Merged from https://code.launchpad.net/~cjwatson/launchpad/+git/launchpad/+merge/439396