diff --git a/app/admin.py b/app/admin.py index 621a8ac..c6014b6 100644 --- a/app/admin.py +++ b/app/admin.py @@ -40,13 +40,22 @@ from app.utils import pagination from app.utils.emoji import EMOJIS_BY_NAME -def user_session_or_redirect( +async def user_session_or_redirect( request: Request, session: str | None = Cookie(default=None), ) -> None: + if request.method == "POST": + form_data = await request.form() + if "redirect_url" in form_data: + redirect_url = form_data["redirect_url"] + else: + redirect_url = request.url_for("admin_stream") + else: + redirect_url = str(request.url) + _RedirectToLoginPage = HTTPException( status_code=302, - headers={"Location": request.url_for("login") + f"?redirect={request.url}"}, + headers={"Location": request.url_for("login") + f"?redirect={redirect_url}"}, ) if not session: diff --git a/app/config.py b/app/config.py index 687bf65..f9c4ac7 100644 --- a/app/config.py +++ b/app/config.py @@ -200,10 +200,19 @@ def generate_csrf_token() -> str: return csrf_serializer.dumps(secrets.token_hex(16)) # type: ignore -def verify_csrf_token(csrf_token: str = Form()) -> None: +def verify_csrf_token( + csrf_token: str = Form(), + redirect_url: str | None = Form(None), +) -> None: + please_try_again = "please try again" + if redirect_url: + please_try_again = f'please try again' try: csrf_serializer.loads(csrf_token, max_age=1800) except (itsdangerous.BadData, itsdangerous.SignatureExpired): logger.exception("Failed to verify CSRF token") - raise HTTPException(status_code=403, detail="CSRF error") + raise HTTPException( + status_code=403, + detail=f"The security token expired, {please_try_again}", + ) return None diff --git a/app/scss/main.scss b/app/scss/main.scss index 760ed7c..49fcfe7 100644 --- a/app/scss/main.scss +++ b/app/scss/main.scss @@ -509,3 +509,9 @@ nav.flexbox { } } } + +.error-title { + a { + text-decoration: underline; + } +} diff --git a/app/templates/error.html b/app/templates/error.html index 1d93c59..99511b5 100644 
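Review bot: In `user_session_or_redirect`, the POST branch copies `form_data["redirect_url"]` from the request body straight into the `?redirect=` parameter of the `Location` header, and it does so before the `if not session:` check, so the value is unauthenticated input. It is neither percent-encoded nor restricted to this application's own paths. Whether the login handler validates `redirect` before following it is not visible here; unless it does, this field can send a user to another origin after login. I would build the query with `urlencode({"redirect": redirect_url})` and fall back to `request.url_for("admin_stream")` whenever the value is not a `str` or `urlsplit(redirect_url)` reports a scheme or netloc. The function body continues past the end of the hunk.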
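Review bot: `verify_csrf_token` now takes `redirect_url` from the same form whose token has just failed verification, which is the one request most likely to have been forged by another site, so the field has to be treated as hostile. As extracted here, the `if redirect_url:` branch assigns an f-string with no placeholder, so the parameter looks unused. If the original line wraps the text in a link built from `redirect_url` (the new `.error-title a` rule suggests the detail is rendered as markup), the value needs `html.escape(redirect_url, quote=True)` and a check that it is a path on this site rather than an absolute or `javascript:` URL. Separately, the message says the token "expired" although the same `except` also catches `itsdangerous.BadData`, so `detail=f"The security token is invalid or expired, {please_try_again}"` would be accurate for both cases.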
--- a/app/templates/error.html +++ b/app/templates/error.html @@ -6,7 +6,7 @@ {% endblock %} {% block content %} -