Nicer error message when consent form is messed with
author Magnus Hagander <magnus@hagander.net>
Tue, 21 Feb 2023 17:30:24 +0000 (18:30 +0100)
committer Magnus Hagander <magnus@hagander.net>
Tue, 21 Feb 2023 17:30:24 +0000 (18:30 +0100)
Instead of an exception complaining about bad style URLs, just ensure
that the URL for the next parameter is always relative. (The form for
consent can only be triggered via one redirect, and it always has the
parameter relative).

We did the right thing before (as in, did not perform a redirect), but
the error dump was not nice.

pgweb/account/forms.py

index 6ab279e401927ab2afc6c76dc951302e8e703feb..31cd374136d8d2e2a954faac490c78a5e5b8ac5f 100644 (file)
@@ -54,6 +54,14 @@ class CommunityAuthConsentForm(forms.Form):
 
         self.fields['consent'].label = 'Consent to sharing data with {0}'.format(self.orgname)
 
+    def clean(self):
+        cleaned_data = super().clean()
+        if 'next' not in cleaned_data:
+            self.add_error(None, "Next URL must be set")
+        if not cleaned_data['next'].startswith('/'):
+            self.add_error(None, "Invalid next url")
+        return cleaned_data
+
 
 class SignupForm(forms.Form):
     username = forms.CharField(max_length=30)
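
Review bot: In clean(), a missing 'next' still ends in an exception: the first check records "Next URL must be set" but execution falls through to `if not cleaned_data['next'].startswith('/'):`, which raises KeyError, so the error dump this commit is meant to replace comes back for that case. Make the second check an `elif`, or read the value with cleaned_data.get('next', ''). Separately, startswith('/') also accepts values that begin with '//', which browsers resolve as scheme-relative URLs pointing at another host, so the check does not by itself guarantee a relative path; reject a leading '//' as well, or validate with django.utils.http.url_has_allowed_host_and_scheme.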