fix: 🔑 factor out insecure user-fed redirect after login

m5ka 2024-04-11 16:16:06 +01:00
parent 30b0e63d8d
commit f0c7af3527


@ -1,7 +1,6 @@
from django.contrib import messages
from django.contrib.auth.views import LoginView as BaseLoginView
from django.contrib.auth.views import LogoutView as BaseLogoutView
from django.shortcuts import redirect
from django.urls import reverse_lazy
from django.utils.translation import gettext as _
@ -15,11 +14,7 @@ class LoginView(View, BaseLoginView):
template_name = "moku/login.jinja"
form_class = AuthenticationForm
page_title = "log in"
def get(self, request, *args, **kwargs):
if self.request.user.is_authenticated:
return redirect(self.get_success_url())
return super().get(request, *args, **kwargs)
redirect_authenticated_user = True
def get_success_url(self):
if self.request.user.is_authenticated:
@ -28,7 +23,7 @@ class LoginView(View, BaseLoginView):
_("welcome back, %(username)s!")
% {"username": self.request.user.username},
)
return self.request.GET.get("next", reverse_lazy("feed"))
return reverse_lazy("feed")
class LogoutView(BaseLogoutView):
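Review bot: Returning `reverse_lazy("feed")` unconditionally at the end of `get_success_url` closes the open redirect, but it also discards legitimate same-site `next` values, so a user sent to the login page from a protected view no longer lands back on it. Django's `LoginView.get_redirect_url()` already checks the `next` parameter against the request host and `success_url_allowed_hosts`, and returns an empty string when the target is not allowed. `return self.get_redirect_url() or reverse_lazy("feed")` would therefore keep the feature without trusting raw `request.GET`. Part of `get_success_url` sits between the second and third hunks and is not visible here, so it is worth confirming nothing else in it reads `next`. A regression test that logs in with an off-site `next` and asserts the response redirects to the feed would pin the fix.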