Allow redirects

app.py

@@ -4,6 +4,7 @@ from typing import Union
 from flask import (Flask, flash, redirect, render_template, request,
                    send_from_directory, url_for)
 from flask_login import LoginManager, login_required, login_user, logout_user
+from urllib.parse import unquote
 
 from forms import LoginForm
 from latosa import LaToSa
@@ -33,15 +34,19 @@ def load_user(user_id) -> Union[User, None]:
 @app.route('/', methods=['GET', 'POST'])
 def index():
     i18n = latosa.get_i18n(request)
+    redirect_to = request.args.get('redirect_to', None)
     form = LoginForm()
+    form.redirect_to.data = redirect_to
     if request.method == 'POST':
         username = form.username.data
         password = form.password.data
+        redirect_to = url_for('admin') 
+        if form.redirect_to.data:
+          redirect_to = unquote(form.redirect_to.data)
         user = latosa.login_user(username, password)
         if user:
             login_user(user)
-            flash(i18n['login']['success'])
-            return redirect(url_for('admin'))
+            return redirect(redirect_to)
         flash(i18n['login']['failed'])
     return render_template('index.html', i18n=i18n, form=form)
 

forms.py

@@ -1,8 +1,9 @@
 from flask_wtf import FlaskForm
-from wtforms import PasswordField, StringField, SubmitField
+from wtforms import PasswordField, StringField, SubmitField, HiddenField
 from wtforms.validators import DataRequired
 
 class LoginForm(FlaskForm):
     username = StringField('Username', validators=[DataRequired()])
     password = PasswordField('Password', validators=[DataRequired()])
     submit = SubmitField('Submit')
+    redirect_to = HiddenField('redirect_to')