Fix next url encoding error

codingjoe · codingjoe · commit 5ba1d0d0e30d · 2021-10-20T13:42:40.000+02:00
Next URLs where not properly encoded and could pass the wrong information
diff --git a/mailauth/forms.py b/mailauth/forms.py
@@ -1,11 +1,12 @@
+import urllib
+
 from django import forms
 from django.contrib.auth import get_user_model
 from django.contrib.sites.shortcuts import get_current_site
 from django.core.mail import EmailMultiAlternatives
 from django.db import connection
 from django.template import TemplateDoesNotExist, loader
 from django.urls import reverse
-from django.utils.encoding import iri_to_uri
 
 from mailauth.backends import MailAuthBackend
 
@@ -34,7 +35,7 @@ def get_login_url(self, request, token, next=None):
             path=reverse("mailauth:login-token", kwargs={"token": token}),
         )
         if next is not None:
-            url += "?next=%s" % iri_to_uri(next)
+            url += "?next=%s" % urllib.parse.quote(next)
         return url
 
     def get_token(self, user):
diff --git a/tests/test_forms.py b/tests/test_forms.py
@@ -11,6 +11,22 @@ def test_save(self):
 
 
 class TestEmailLoginForm:
+    def test_get_login_url(self, rf):
+        request = rf.get("/")
+        form = EmailLoginForm(request=request)
+        assert (
+            form.get_login_url(request, "TOKEN")
+            == "http://testserver/accounts/login/TOKEN"
+        )
+        assert (
+            form.get_login_url(
+                request,
+                "TOKEN",
+                next="/path/?utm_source=website&utm_medium=email#some-anchor",
+            )
+            == "http://testserver/accounts/login/TOKEN?next=/path/%3Futm_source%3Dwebsite%26utm_medium%3Demail%23some-anchor"
+        )
+
     def test_send_mail__html_template(self):
         class MyEmailLoginForm(EmailLoginForm):
             html_email_template_name = EmailLoginForm.email_template_name
