From a6bcf582d1e6eac201cfa1aa269538f6e9a5305a Mon Sep 17 00:00:00 2001
From: Ralph Bean
Date: Fri, 2 May 2014 21:59:44 -0400
Subject: [PATCH] Just ignore the ?next= parameter as a workaround for Covert Redirect.
---
 frontend/coprs_frontend/coprs/views/misc.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/frontend/coprs_frontend/coprs/views/misc.py b/frontend/coprs_frontend/coprs/views/misc.py
index 4652ab4..68ebf38 100644
--- a/frontend/coprs_frontend/coprs/views/misc.py
+++ b/frontend/coprs_frontend/coprs/views/misc.py
@@ -31,7 +31,7 @@ misc = flask.Blueprint("misc", __name__)
 @oid.loginhandler
 def login():
 if flask.g.user is not None:
- return flask.redirect(oid.get_next_url())
+ return flask.redirect(flask.request.url_root)
 else:
 return oid.try_login("https://id.fedoraproject.org/", ask_for=["email", "timezone"])
@@ -75,17 +75,17 @@ def create_or_login(resp):
 if flask.request.url_root == oid.get_next_url():
 return flask.redirect(flask.url_for("coprs_ns.coprs_by_owner", username=user.name))
- return flask.redirect(oid.get_next_url())
+ return flask.redirect(flask.request.url_root)
 else:
 flask.flash("User '{0}' is not allowed".format(user.name))
- return flask.redirect(oid.get_next_url())
+ return flask.redirect(flask.request.url_root)
 @misc.route("/logout/")
 def logout():
 flask.session.pop("openid", None)
 flask.flash(u"You were signed out")
- return flask.redirect(oid.get_next_url())
+ return flask.redirect(flask.request.url_root)
 def api_login_required(f):
-- 
1.9.0
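Review bot: Nothing at the new `return flask.redirect(flask.request.url_root)` in `login()` records that the caller-supplied `?next=` value is being ignored on purpose, and the same holds for the three replaced lines in `create_or_login()` and `logout()` in the second hunk. A later cleanup could restore `oid.get_next_url()` and reopen the redirect, so I would add a comment at each site such as `# Covert Redirect workaround: never redirect to the caller-supplied ?next= URL.` Separately, `flask.request.url_root` is derived from the host the request arrived with, so the target is only as fixed as the Host handling in front of the app. The deployment is not visible here, but it is worth confirming that only the expected host names are accepted.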
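Review bot: The context line `if flask.request.url_root == oid.get_next_url():` in `create_or_login()` still reads the `next` value, so the parameter is not fully ignored as the subject line says. Both outcomes are now same-site, but the request-supplied value still decides whether a freshly logged-in user lands on `coprs_ns.coprs_by_owner` or on the root page. Presumably any login that carries a `next` other than the root now ends on the root page, which looks unintended. I would either drop the comparison and always `return flask.redirect(flask.url_for("coprs_ns.coprs_by_owner", username=user.name))` on the allowed branch, or keep it with a comment saying the value is only compared and never used as a target. `create_or_login()` starts above this hunk, so the enclosing conditions are not visible here.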