[#7759] after pwd recovery, don't let login page send user back to pwd recovery form (referrer)

commit: 3d5b599dc624a8d5437ec2afe2b309e1f51447e3 [log] [tgz]
author: Dave Brondsema <dbrondsema@slashdotmedia.com> Mon Oct 13 20:37:11 2014 +0000
committer: Dave Brondsema <dbrondsema@slashdotmedia.com> Mon Oct 13 20:37:11 2014 +0000
tree: 4d7000bb018863bceb4b8c408959873c46f0bf2c
parent: 14b6bcd5cfd2bd828265db111c73e50ba990d1f2 [diff]
diff --git a/Allura/allura/controllers/auth.py b/Allura/allura/controllers/auth.py
index fca553c..e160535 100644
--- a/Allura/allura/controllers/auth.py
+++ b/Allura/allura/controllers/auth.py

@@ -168,7 +168,7 @@
         user.set_tool_data('AuthPasswordReset', hash='', hash_expiry='')
         h.auditlog_user('Password changed (through recovery process)', user=user)
         flash('Password changed')
-        redirect('/auth/')
+        redirect('/auth/?return_to=/')  # otherwise the default return_to would be the forgotten_password referrer page
 
     @expose()
     @require_post()
commit	3d5b599dc624a8d5437ec2afe2b309e1f51447e3	[log] [tgz]
author	Dave Brondsema <dbrondsema@slashdotmedia.com>	Mon Oct 13 20:37:11 2014 +0000
committer	Dave Brondsema <dbrondsema@slashdotmedia.com>	Mon Oct 13 20:37:11 2014 +0000
tree	4d7000bb018863bceb4b8c408959873c46f0bf2c
parent	14b6bcd5cfd2bd828265db111c73e50ba990d1f2 [diff]