When logged in, the URL /account/login is still accessible (Fix https://github.com/btcpayserver/btcpayserver/issues/916)

nicolas.dorier 2019-07-14 22:16:23 +09:00
parent ae73858e23
commit fd4a27c1a3
No known key found for this signature in database
GPG Key ID: 6618763EF09186FE


@ -73,6 +73,8 @@ namespace BTCPayServer.Controllers
[AllowAnonymous]
public async Task<IActionResult> Login(string returnUrl = null)
{
if (User.Identity.IsAuthenticated)
RedirectToLocal(returnUrl);
// Clear the existing external cookie to ensure a clean login process
await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);
@ -647,7 +649,7 @@ namespace BTCPayServer.Controllers
private IActionResult RedirectToLocal(string returnUrl)
{
if (Url.IsLocalUrl(returnUrl))
if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
{
return Redirect(returnUrl);
}
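Review bot: In `Login` (first hunk) the result of `RedirectToLocal(returnUrl)` is discarded, so an already-authenticated user is never redirected. Execution falls through to the external-cookie sign-out and, presumably, to the login view further down, which leaves the linked issue unfixed. The line should read `return RedirectToLocal(returnUrl);`, ideally with braces around the `if` body so the early exit is hard to miss. The open-redirect guard stays in `RedirectToLocal` through `Url.IsLocalUrl`, so returning its result here does not widen what `returnUrl` can reach. `Login`'s body continues outside the hunk.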