26 changes: 18 additions & 8 deletions netbox/users/views.py
Expand Up @@ -38,6 +38,10 @@ def dispatch(self, *args, **kwargs):
def get(self, request):
form = LoginForm(request)

if request.user.is_authenticated:
logger = logging.getLogger('netbox.auth.login')
return self.redirect_to_next(request, logger)

return render(request, self.template_name, {
'form': form,
})
Expand All @@ -49,12 +53,6 @@ def post(self, request):
if form.is_valid():
logger.debug("Login form validation was successful")

# Determine where to direct user after successful login
redirect_to = request.POST.get('next', reverse('home'))
if redirect_to and not is_safe_url(url=redirect_to, allowed_hosts=request.get_host()):
logger.warning(f"Ignoring unsafe 'next' URL passed to login form: {redirect_to}")
redirect_to = reverse('home')

# If maintenance mode is enabled, assume the database is read-only, and disable updating the user's
# last_login time upon authentication.
if settings.MAINTENANCE_MODE:
Expand All @@ -66,8 +64,7 @@ def post(self, request):
logger.info(f"User {request.user} successfully authenticated")
messages.info(request, "Logged in as {}.".format(request.user))

logger.debug(f"Redirecting user to {redirect_to}")
return HttpResponseRedirect(redirect_to)
return self.redirect_to_next(request, logger)

else:
logger.debug("Login form validation failed")
Expand All @@ -76,6 +73,19 @@ def post(self, request):
'form': form,
})

def redirect_to_next(self, request, logger):
if request.method == "POST":
redirect_to = request.POST.get('next', reverse('home'))
else:
redirect_to = request.GET.get('next', reverse('home'))

if redirect_to and not is_safe_url(url=redirect_to, allowed_hosts=request.get_host()):
logger.warning(f"Ignoring unsafe 'next' URL passed to login form: {redirect_to}")
redirect_to = reverse('home')

logger.debug(f"Redirecting user to {redirect_to}")
return HttpResponseRedirect(redirect_to)


class LogoutView(View):
"""
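Review bot: The `is_safe_url` call in `redirect_to_next` does not pass `require_https`, so on a site served over HTTPS a `next` value pointing at `http://` on the same host is accepted and the user can be redirected to the cleartext scheme; with this change that is reachable through the new GET path for already-authenticated users as well as through the login POST. Tying the check to the request's scheme closes it: `if redirect_to and not is_safe_url(url=redirect_to, allowed_hosts=request.get_host(), require_https=request.is_secure()):`. Separately, an empty `next` (`?next=`) skips the check because of the `redirect_to and` guard and reaches `HttpResponseRedirect('')`; `if not redirect_to or not is_safe_url(...)` would fall back to `reverse('home')` instead. The warning also interpolates the raw `next` value into the log line, so formatting it as `{redirect_to!r}` would keep embedded control characters from splitting log entries.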