author | Martin Green <martin.speleo@gmail.com> | 2022-06-25 16:13:02 +0100 |
---|---|---|
committer | Martin Green <martin.speleo@gmail.com> | 2022-06-25 16:13:02 +0100 |
commit | b3d9e814997ab8f83e8e441ed48625c66ed68d51 (patch) | |
tree | 92b64a2543b3e868c3b2b12eaedb8b2a20cc223e /core/views/auth.py | |
parent | 74a5125cf92775a5d3b1e306fa905571bbf794f2 (diff) | |
Implement redirects after login (using the next parameter)
Diffstat (limited to 'core/views/auth.py')
-rw-r--r-- | core/views/auth.py | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/core/views/auth.py b/core/views/auth.py index a7b2ca1..a4dc9d9 100644 --- a/core/views/auth.py +++ b/core/views/auth.py @@ -1,10 +1,11 @@ from builtins import str from django.conf import settings -from django.shortcuts import render +from django.shortcuts import render, redirect from django.contrib.auth import authenticate, login, logout from django.contrib.auth import forms as auth_forms from django.contrib.auth.decorators import login_required +from django.utils.http import is_safe_url """This enforces the login requirement for non-public pages using the decorator mechanism. @@ -70,8 +71,20 @@ def expologin(request): try: login(request, user) # Should do the ?next= stuff here.. - return render(request, 'tasks.html', {}) + return redirect_after_login(request) except: return render(request, 'errors/generic.html', {}) + +def redirect_after_login(request): + nxt = request.GET.get("next", None) + if nxt is None: + return redirect(settings.LOGIN_REDIRECT_URL) + elif not is_safe_url( + url=nxt, + allowed_hosts={request.get_host()}, + require_https=request.is_secure()): + return redirect(settings.LOGIN_REDIRECT_URL) + else: + return redirect(nxt) |
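Review bot: The added import `from django.utils.http import is_safe_url` in the first hunk relies on a name that Django deprecated in 3.0 and removed in 4.0. Its replacement, `url_has_allowed_host_and_scheme`, takes the same `url`, `allowed_hosts` and `require_https` arguments. The project's Django version is not visible on this page, so this only matters if the code must run on 3.0 or later. In that case, import the new name with `from django.utils.http import url_has_allowed_host_and_scheme` and call it in `redirect_after_login`, so the open-redirect check does not break on upgrade.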
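Review bot: In the second hunk, `redirect_after_login` reads `next` only from `request.GET`, so a login form that carries the target as a hidden POST field would silently fall back to `settings.LOGIN_REDIRECT_URL`. The form template is not shown, so this is to confirm; if it applies, use `nxt = request.POST.get("next") or request.GET.get("next")`. The call also sits inside the existing bare `except:` in `expologin`, whose body starts outside the hunk, so any error raised while building the redirect is reported as the generic error page; narrowing that handler would keep such failures visible. The two branches that return `redirect(settings.LOGIN_REDIRECT_URL)` can be merged into one `if nxt is None or not is_safe_url(...)` test. A short docstring such as `"""Redirect to ?next= only if it targets this host; otherwise use LOGIN_REDIRECT_URL (prevents open redirects)."""` would record why the host check must stay, and the stale `# Should do the ?next= stuff here..` comment can then be dropped.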