From f0c7af352732e38272020514e1d0fca76bcc960b Mon Sep 17 00:00:00 2001
From: m5ka
Date: Thu, 11 Apr 2024 16:16:06 +0100
Subject: [PATCH] =?UTF-8?q?fix:=20=F0=9F=94=91=20factor=20out=20insecure?= =?UTF-8?q?user-fed=20redirect=20after=20login?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 moku/views/auth.py | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)
diff --git a/moku/views/auth.py b/moku/views/auth.py
index 5d42d65..98a4dd9 100644
--- a/moku/views/auth.py
+++ b/moku/views/auth.py
@@ -1,7 +1,6 @@
 from django.contrib import messages
 from django.contrib.auth.views import LoginView as BaseLoginView
 from django.contrib.auth.views import LogoutView as BaseLogoutView
-from django.shortcuts import redirect
 from django.urls import reverse_lazy
 from django.utils.translation import gettext as _
@@ -15,11 +14,7 @@ class LoginView(View, BaseLoginView):
 template_name = "moku/login.jinja"
 form_class = AuthenticationForm
 page_title = "log in"
-
- def get(self, request, *args, **kwargs):
- if self.request.user.is_authenticated:
- return redirect(self.get_success_url())
- return super().get(request, *args, **kwargs)
+ redirect_authenticated_user = True
 def get_success_url(self):
 if self.request.user.is_authenticated:
@@ -28,7 +23,7 @@ class LoginView(View, BaseLoginView):
 _("welcome back, %(username)s!")
 % {"username": self.request.user.username},
 )
- return self.request.GET.get("next", reverse_lazy("feed"))
+ return reverse_lazy("feed")
 class LogoutView(BaseLogoutView):
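Review bot: Returning `reverse_lazy("feed")` unconditionally at the end of `get_success_url` (third hunk) closes the open redirect but also discards every legitimate `next` value, so a user sent to the login page from a protected view (such as a `login_required` redirect, if the project uses one) now always lands on the feed. Django's `LoginView` already has a validated lookup: `get_redirect_url()` returns the `next` target only when it passes `url_has_allowed_host_and_scheme` for the current host, and an empty string otherwise, so the last line could be `return self.get_redirect_url() or reverse_lazy("feed")`. If `next` is honoured again, the Django documentation's caveat for `redirect_authenticated_user = True` (second hunk) becomes relevant, because other sites can then infer a visitor's logged-in state from redirects to image URLs; that trade-off deserves a short comment next to the attribute. The middle of `get_success_url` lies between the second and third hunks and is not visible here.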