From 64287f4baec8b5b5026971542dfc17534ea8fb7a Mon Sep 17 00:00:00 2001
From: Magnus Hagander
Date: Tue, 21 Feb 2023 18:30:24 +0100
Subject: [PATCH] Nicer error message when consent form is messed with

Instead of an exception complaining about bad style URLs, just ensure that the URL for the next parameter is always relative. (The form for consent can only be triggered via one redirect, and it always has the parameter relative). We did the right thing before (as in, did not perform a redirect), but the error dump was not nice.
---
 pgweb/account/forms.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pgweb/account/forms.py b/pgweb/account/forms.py
index 6ab279e4..31cd3741 100644
--- a/pgweb/account/forms.py
+++ b/pgweb/account/forms.py
@@ -54,6 +54,14 @@ class CommunityAuthConsentForm(forms.Form):
 self.fields['consent'].label = 'Consent to sharing data with {0}'.format(self.orgname)
+ def clean(self):
+ cleaned_data = super().clean()
+ if 'next' not in cleaned_data:
+ self.add_error(None, "Next URL must be set")
+ if not cleaned_data['next'].startswith('/'):
+ self.add_error(None, "Invalid next url")
+ return cleaned_data
+
 class SignupForm(forms.Form):
 username = forms.CharField(max_length=30)
--
2.39.5
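Review bot: In `clean()`, the missing-`next` branch records a form error but then falls through to `cleaned_data['next'].startswith('/')`, which raises `KeyError`, the same kind of unhandled exception this commit sets out to replace with a form error. Making the second test an `elif` (or returning right after the first `add_error`) closes that path. Separately, `startswith('/')` alone does not establish that the value is relative: `//host/path` and `/\host` also begin with a slash and are resolved by browsers to another origin, so if anything downstream relies on this check for redirect safety it should reject those too, e.g. `elif not nxt.startswith('/') or nxt[1:2] in ('/', '\\'):` with `nxt = cleaned_data['next']`, or call Django's `url_has_allowed_host_and_scheme()` where the deployed Django version provides it. The enclosing class starts outside the hunk and how `next` is consumed after validation is not visible here, so the second point depends on that caller.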