Update web/core/views.py

2026-01-10 00:37:45 +00:00 · 2026-01-10 00:37:45 +00:00 · 166835c2a9
commit 166835c2a9
parent b165f4af38
1 changed files with 8 additions and 5 deletions
--- a/web/core/views.py
+++ b/web/core/views.py
@ -54,16 +54,19 @@ EXPECTED_HEADERS = [
 ]

 def login_view(request):
-    # If Django session already exists, go straight in
+    # If Django session already exists, go to app
    if request.user.is_authenticated:
        return redirect("search")

-    # Auto-start OIDC ONLY on a clean GET to /login/
-    # If ?next= is present, Django is already in a redirect flow — don't loop
-    if request.method == "GET" and "next" not in request.GET:
+    # Only auto-start OIDC if this is a fresh browser visit
+    # and NOT a redirect coming from Django itself
+    if (
+        request.method == "GET"
+        and "next" not in request.GET
+    ):
        return redirect("oidc_authentication_init")

-    # Fallback (rare): render the page so the user can click manually
+    # Fallback: show login page (rare, but prevents loops)
    ctx = {}

    if request.method == "POST":