Revision 65dad30c
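--- a/snf-astakos-app/astakos/im/views/target/redirect.py
+++ b/snf-astakos-app/astakos/im/views/target/redirect.py
@@ -42,7 +42,6 @@
 
 from urlparse import urlunsplit, urlsplit, parse_qsl
 
-from astakos.im import settings
 from astakos.im.util import restrict_next
 from astakos.im.functions import login as auth_login, logout
 from astakos.im.views.decorators import cookie_fix
@@ -54,7 +53,7 @@
 logger = logging.getLogger(__name__)
 
 
-@require_http_methods(["GET", "POST"])
+@require_http_methods(["GET"])
 @cookie_fix
 def login(request):
 """
@@ -63,16 +62,16 @@
 If the request user is authenticated and has signed the approval terms,
 redirects to `next` request parameter. If not, redirects to approval terms
 in order to return back here after agreeing with the terms.
-Otherwise, redirects to login in order to return back here after successful login.
+Otherwise, redirects to login in order to return back here after successful
+login.
 """
 next = request.GET.get('next')
 if not next:
 next = reverse('index')
 
-if not restrict_next(
-next, domain=settings.COOKIE_DOMAIN, allowed_schemes=('pithos',)
-):
-return HttpResponseForbidden(_(astakos_messages.NOT_ALLOWED_NEXT_PARAM))
+if not restrict_next(next, allowed_schemes=('pithos',)):
+return HttpResponseForbidden(_(
+astakos_messages.NOT_ALLOWED_NEXT_PARAM))
 force = request.GET.get('force', None)
 response = HttpResponse()
 if force == '' and request.user.is_authenticated():
@@ -85,7 +84,6 @@
 # first build next parameter
 parts = list(urlsplit(request.build_absolute_uri()))
 params = dict(parse_qsl(parts[3], keep_blank_values=True))
-# delete force parameter
 parts[3] = urlencode(params)
 next = urlunsplit(parts)
 
@@ -143,4 +141,3 @@
 response['Location'] = url
 response.status_code = 302
 return response
-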
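Review bot: The new `restrict_next(next, allowed_schemes=('pithos',))` call in `login` no longer passes `domain=settings.COOKIE_DOMAIN`, so validation of the user-supplied `next` parameter now rests entirely on restrict_next's default for `domain`, which this diff does not show. If that default does not pin the host to the cookie domain, the view may end up redirecting an authenticated user to an off-domain URL, so the default should be confirmed and covered by a test that sends an off-domain `next` and expects the 403. A comment above the call such as `# host check relies on restrict_next's default domain` would record the dependency for the next maintainer. The body of `login` continues outside the hunks shown, so how `next` reaches `response['Location']` cannot be checked from here.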