NeoAnd/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2025-07-24 17:38:37 -06:00
Code Issues Actions 11 Packages Projects Releases Wiki Activity

move redirect code to own function

Browse Source
This commit is contained in:
Simeon Keske 2020-09-02 22:33:39 +02:00
parent bfcbd9da6c
commit f92569d468
No known key found for this signature in database
GPG Key ID: 00FAF748B777CF10
1 changed files with 18 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
netbox/users/views.py
View File

@ -36,17 +36,12 @@ class LoginView(View):
return super().dispatch(*args, **kwargs) return super().dispatch(*args, **kwargs)
def get(self, request): def get(self, request):
if request.user.is_authenticated:
# Already logged-in, determine where to redirect
redirect_to = request.GET.get('next', reverse('home'))
if redirect_to and not is_safe_url(url=redirect_to, allowed_hosts=request.get_host()):
logger.warning(f"Ignoring unsafe 'next' URL passed to login form: {redirect_to}")
redirect_to = reverse('home')
return HttpResponseRedirect(redirect_to)
form = LoginForm(request) form = LoginForm(request)
if request.user.is_authenticated:
logger = logging.getLogger('netbox.auth.login')
return self.redirect_to_next(request, logger)
return render(request, self.template_name, { return render(request, self.template_name, {
'form': form, 'form': form,
}) })
@ -58,12 +53,6 @@ class LoginView(View):
if form.is_valid(): if form.is_valid():
logger.debug("Login form validation was successful") logger.debug("Login form validation was successful")
# Determine where to direct user after successful login
redirect_to = request.POST.get('next', reverse('home'))
if redirect_to and not is_safe_url(url=redirect_to, allowed_hosts=request.get_host()):
logger.warning(f"Ignoring unsafe 'next' URL passed to login form: {redirect_to}")
redirect_to = reverse('home')
# If maintenance mode is enabled, assume the database is read-only, and disable updating the user's # If maintenance mode is enabled, assume the database is read-only, and disable updating the user's
# last_login time upon authentication. # last_login time upon authentication.
if settings.MAINTENANCE_MODE: if settings.MAINTENANCE_MODE:
@ -75,8 +64,7 @@ class LoginView(View):
logger.info(f"User {request.user} successfully authenticated") logger.info(f"User {request.user} successfully authenticated")
messages.info(request, "Logged in as {}.".format(request.user)) messages.info(request, "Logged in as {}.".format(request.user))
logger.debug(f"Redirecting user to {redirect_to}") return self.redirect_to_next(request, logger)
return HttpResponseRedirect(redirect_to)
else: else:
logger.debug("Login form validation failed") logger.debug("Login form validation failed")
@ -85,6 +73,19 @@ class LoginView(View):
'form': form, 'form': form,
}) })
def redirect_to_next(self, request, logger):
if request.method == "POST":
redirect_to = request.POST.get('next', reverse('home'))
else:
redirect_to = request.GET.get('next', reverse('home'))
if redirect_to and not is_safe_url(url=redirect_to, allowed_hosts=request.get_host()):
logger.warning(f"Ignoring unsafe 'next' URL passed to login form: {redirect_to}")
redirect_to = reverse('home')
logger.debug(f"Redirecting user to {redirect_to}")
return HttpResponseRedirect(redirect_to)
class LogoutView(View): class LogoutView(View):
""" """