fix #944: added exception handler for NoReverseMatch in login view

misago/users/tests/test_auth_views.py

@@ -41,6 +41,28 @@ class AuthViewsTests(TestCase):
         self.assertEqual(response.status_code, 302)
         self.assertEqual(response['location'], '/')
 
+        # invalid redirect (link name)
+        response = self.client.post(
+            reverse('misago:login'),
+            data={
+                'redirect_to': 'misago:users',
+            },
+        )
+
+        self.assertEqual(response.status_code, 302)
+        self.assertEqual(response['location'], '/')
+
+        # invalid redirect (non url)
+        response = self.client.post(
+            reverse('misago:login'),
+            data={
+                'redirect_to': 'canada goose not url',
+            },
+        )
+
+        self.assertEqual(response.status_code, 302)
+        self.assertEqual(response['location'], '/')
+
     def test_logout_view(self):
         """logout view logs user out on post"""
         response = self.client.post(

misago/users/views/auth.py

@@ -1,6 +1,7 @@
 from django.conf import settings
 from django.contrib import auth
 from django.shortcuts import redirect
+from django.urls import NoReverseMatch
 from django.utils.http import is_safe_url
 from django.utils.six.moves.urllib.parse import urlparse
 from django.views.decorators.cache import never_cache
@@ -22,7 +23,10 @@ def login(request):
             )
             if is_redirect_safe:
                 redirect_to_path = urlparse(redirect_to).path
-                return redirect(redirect_to_path)
+                try:
+                    return redirect(redirect_to_path)
+                except NoReverseMatch:
+                    pass
 
     return redirect(settings.LOGIN_REDIRECT_URL)