When logged in, the URL /account/login is still accessible (Fix https://github.com/btcpayserver/btcpayserver/issues/916)

2025-12-17 22:14:26 +01:00 · 2019-07-14 22:16:23 +09:00
parent ae73858e23
commit fd4a27c1a3
1 changed files with 3 additions and 1 deletions
--- a/BTCPayServer/Controllers/AccountController.cs
+++ b/BTCPayServer/Controllers/AccountController.cs
@@ -73,6 +73,8 @@ namespace BTCPayServer.Controllers
        [AllowAnonymous]
        public async Task<IActionResult> Login(string returnUrl = null)
        {
+            if (User.Identity.IsAuthenticated)
+                RedirectToLocal(returnUrl);
            // Clear the existing external cookie to ensure a clean login process
            await HttpContext.SignOutAsync(IdentityConstants.ExternalScheme);

@@ -647,7 +649,7 @@ namespace BTCPayServer.Controllers

        private IActionResult RedirectToLocal(string returnUrl)
        {
-            if (Url.IsLocalUrl(returnUrl))
+            if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl))
            {
                return Redirect(returnUrl);
            }