Ticket #10857: redirect_on_exiting_auth.diff

File redirect_on_exiting_auth.diff, 1.3 KB (added by radez, 15 years ago)

redirect on existing auth in login view

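--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -17,12 +17,15 @@
 def login(request, template_name='registration/login.html', redirect_field_name=REDIRECT_FIELD_NAME):
     "Displays the login form and handles the login action."
     redirect_to = request.REQUEST.get(redirect_field_name, '')
+    # Light security check -- make sure redirect_to isn't garbage.
+    if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
+        redirect_to = settings.LOGIN_REDIRECT_URL
+    # if already authenticated just redirect
+    if request.user and request.user.is_authenticated():
+        return HttpResponseRedirect(settings.LOGIN_REDIRECT_URL)
     if request.method == "POST":
         form = AuthenticationForm(data=request.POST)
         if form.is_valid():
-            # Light security check -- make sure redirect_to isn't garbage.
-            if not redirect_to or '//' in redirect_to or ' ' in redirect_to:
-                redirect_to = settings.LOGIN_REDIRECT_URL
             from django.contrib.auth import login
             login(request, form.get_user())
             if request.session.test_cookie_worked():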
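Review bot: The new early return for authenticated users redirects to `settings.LOGIN_REDIRECT_URL` and ignores the `redirect_to` value that the hoisted check has just validated, so a signed-in user who follows a link carrying the redirect parameter lands on the default page instead of the requested one. If the intent is to honour the parameter, the line would be `return HttpResponseRedirect(redirect_to)`. That version redirects on a plain GET with no credentials submitted, so the substring test on `'//'` and `' '` would be the only barrier against an off-site redirect; it should then be replaced by a check that the target is a local path or matches the request's host. The `request.user and` guard also looks redundant if the auth middleware always sets `request.user`, which cannot be confirmed from this hunk. The body of `login()` continues past the end of the hunk.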