[WEB-4900]: validated authentication redirection paths (#7798)

* refactor: replace validate_next_path with get_safe_redirect_url for safer URL redirection across authentication views * refactor: use get_safe_redirect_url for improved URL redirection in SignInAuthSpaceEndpoint and SignUpAuthSpaceEndpoint * fix: redirect paths --------- Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
2025-09-16 00:01:06 +05:30 · 2025-09-16 00:01:06 +05:30 · 345dfce25d
commit 345dfce25d
parent 116c8118ab
13 changed files with 477 additions and 276 deletions
--- a/apps/api/plane/license/api/views/admin.py
+++ b/apps/api/plane/license/api/views/admin.py
@ -34,6 +34,7 @@ from plane.authentication.adapter.error import (
    AuthenticationException,
 )
 from plane.utils.ip_address import get_client_ip
+from plane.utils.path_validator import get_safe_redirect_url


 class InstanceAdminEndpoint(BaseAPIView):
@ -392,7 +393,14 @@ class InstanceAdminSignOutEndpoint(View):
            user.save()
            # Log the user out
            logout(request)
-            url = urljoin(base_host(request=request, is_admin=True))
+            url = get_safe_redirect_url(
+                base_url=base_host(request=request, is_admin=True),
+                next_path=""
+            )
            return HttpResponseRedirect(url)
        except Exception:
-            return HttpResponseRedirect(base_host(request=request, is_admin=True))
+            url = get_safe_redirect_url(
+                base_url=base_host(request=request, is_admin=True),
+                next_path=""
+            )
+            return HttpResponseRedirect(url)