From 7914e93662b41bc8f820050b3d1036d0d6fcb4e8 Mon Sep 17 00:00:00 2001
From: Fang Li
Date: Thu, 24 Jan 2019 17:40:25 +0800
Subject: [PATCH] fixed is_safe_url in django 2.1
---
 django_saml2_auth/views.py | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/django_saml2_auth/views.py b/django_saml2_auth/views.py
index 3acb86e..1e78cef 100644
--- a/django_saml2_auth/views.py
+++ b/django_saml2_auth/views.py
@@ -229,7 +229,12 @@ def signin(r):
 next_url = r.GET.get('next', settings.SAML2_AUTH.get('DEFAULT_NEXT_URL', get_reverse('admin:index')))
 # Only permit signin requests where the next_url is a safe URL
- if not is_safe_url(next_url, None):
+ if parse_version(get_version()) >= parse_version('2.0'):
+ url_ok = is_safe_url(next_url, None)
+ else:
+ url_ok = is_safe_url(next_url)
+
+ if not url_ok:
 return HttpResponseRedirect(get_reverse([denied, 'denied', 'django_saml2_auth:denied']))
 r.session['login_next_url'] = next_url
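Review bot: The `None` in the `>= 2.0` branch is passed positionally, so it binds to `host` on Django 2.0 and to `allowed_hosts` on 2.1 and later; in both cases only URLs with no host part pass the check, which is fail-closed but easy to break by accident and rejects absolute URLs that point back at this site. If same-site absolute URLs should be accepted, passing the arguments by keyword as Django's own login view does makes the intent explicit: `url_ok = is_safe_url(url=next_url, allowed_hosts={r.get_host()}, require_https=r.is_secure())`. The version test could compare the tuple `django.VERSION >= (2, 0)` rather than parsing the version string on every request, and a one-line comment such as `# is_safe_url's second positional argument changed meaning across Django releases` would tell the next reader why the branch exists. `signin` starts and ends outside this hunk, so how `login_next_url` is consumed after it is stored in the session is not visible here.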