Diffstat (limited to 'core/views/auth.py')
-rw-r--r--core/views/auth.py17
1 files changed, 15 insertions, 2 deletions
diff --git a/core/views/auth.py b/core/views/auth.py
index a7b2ca1..a4dc9d9 100644
--- a/core/views/auth.py
+++ b/core/views/auth.py
@@ -1,10 +1,11 @@
from builtins import str
from django.conf import settings
-from django.shortcuts import render
+from django.shortcuts import render, redirect
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth import forms as auth_forms
from django.contrib.auth.decorators import login_required
+from django.utils.http import is_safe_url
"""This enforces the login requirement for non-public pages using
the decorator mechanism.
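Review bot: `is_safe_url` on the added import line was deprecated in Django 3.0 and removed in 4.0, where the same check is named `url_has_allowed_host_and_scheme` and takes the same `url`, `allowed_hosts` and `require_https` arguments. The Django version this project targets is not visible in the hunk; if it is 3.0 or later, import the new name instead: `from django.utils.http import url_has_allowed_host_and_scheme`. If the old name has to stay for now, a short comment beside the import recording the rename would keep a later upgrade from failing when the auth views are imported.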
@@ -70,8 +71,20 @@ def expologin(request):
try:
login(request, user)
# Should do the ?next= stuff here..
- return render(request, 'tasks.html', {})
+ return redirect_after_login(request)
except:
return render(request, 'errors/generic.html', {})
+
+def redirect_after_login(request):
+ nxt = request.GET.get("next", None)
+ if nxt is None:
+ return redirect(settings.LOGIN_REDIRECT_URL)
+ elif not is_safe_url(
+ url=nxt,
+ allowed_hosts={request.get_host()},
+ require_https=request.is_secure()):
+ return redirect(settings.LOGIN_REDIRECT_URL)
+ else:
+ return redirect(nxt)
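Review bot: The validated `nxt` is passed to `redirect()` in the final branch of `redirect_after_login`, and that shortcut first tries to reverse its argument as a URL pattern name, so a `next` value containing no `/` or `.` is either resolved as a view name or raises `NoReverseMatch`. Because the call sits inside the `try` in `expologin`, that exception lands in the bare `except:` and renders `errors/generic.html` even though `login()` has already succeeded. Return the checked value literally with `return HttpResponseRedirect(nxt)` (imported from `django.http`) and keep `redirect()` only for `settings.LOGIN_REDIRECT_URL`. `expologin` starts outside the hunk, so whether `next` can also arrive as a POST field, which `request.GET.get("next")` would miss, cannot be confirmed from here.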