fix: 🔑 factor out insecure user-fed redirect after login

m5ka 2024-04-11 16:16:06 +01:00
parent 30b0e63d8d
commit f0c7af3527


@ -1,7 +1,6 @@
from django.contrib import messages from django.contrib import messages
from django.contrib.auth.views import LoginView as BaseLoginView from django.contrib.auth.views import LoginView as BaseLoginView
from django.contrib.auth.views import LogoutView as BaseLogoutView from django.contrib.auth.views import LogoutView as BaseLogoutView
from django.shortcuts import redirect
from django.urls import reverse_lazy from django.urls import reverse_lazy
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
@ -15,11 +14,7 @@ class LoginView(View, BaseLoginView):
template_name = "moku/login.jinja" template_name = "moku/login.jinja"
form_class = AuthenticationForm form_class = AuthenticationForm
page_title = "log in" page_title = "log in"
redirect_authenticated_user = True
def get(self, request, *args, **kwargs):
if self.request.user.is_authenticated:
return redirect(self.get_success_url())
return super().get(request, *args, **kwargs)
def get_success_url(self): def get_success_url(self):
if self.request.user.is_authenticated: if self.request.user.is_authenticated:
@ -28,7 +23,7 @@ class LoginView(View, BaseLoginView):
_("welcome back, %(username)s!") _("welcome back, %(username)s!")
% {"username": self.request.user.username}, % {"username": self.request.user.username},
) )
return self.request.GET.get("next", reverse_lazy("feed")) return reverse_lazy("feed")
class LogoutView(BaseLogoutView): class LogoutView(BaseLogoutView):
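Review bot: The new `return reverse_lazy("feed")` at the end of `get_success_url` closes the open redirect by discarding `next` altogether, so a user who was sent to the login page from a protected view (presumably via `login_required` or similar) no longer lands back on the page they asked for. Django's `LoginView` already provides `get_redirect_url()`, which returns the `next` value only when it passes the allowed-host and scheme check and an empty string otherwise, so `return self.get_redirect_url() or reverse_lazy("feed")` would keep that flow without trusting the raw query parameter. The middle of `get_success_url` falls between the second and third hunks and is not visible here, so confirm that nothing else in it reads `request.GET`. A short comment above the return, such as `# never return request.GET["next"] unvalidated; use get_redirect_url()`, would record why the override exists.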