Update web/core/views.py

2026-01-10 00:36:10 +00:00 · 2026-01-10 00:36:10 +00:00 · b165f4af38
commit b165f4af38
parent fea1a68edf
1 changed files with 19 additions and 1 deletions
--- a/web/core/views.py
+++ b/web/core/views.py
@ -54,10 +54,28 @@ EXPECTED_HEADERS = [
 ]

 def login_view(request):
+    # If Django session already exists, go straight in
    if request.user.is_authenticated:
        return redirect("search")
-    return redirect("oidc_authentication_init")

+    # Auto-start OIDC ONLY on a clean GET to /login/
+    # If ?next= is present, Django is already in a redirect flow — don't loop
+    if request.method == "GET" and "next" not in request.GET:
+        return redirect("oidc_authentication_init")
+
+    # Fallback (rare): render the page so the user can click manually
+    ctx = {}
+
+    if request.method == "POST":
+        u = request.POST.get("username")
+        p = request.POST.get("password")
+        user = authenticate(request, username=u, password=p)
+        if user:
+            login(request, user)
+            return redirect("search")
+        ctx["error"] = "Invalid credentials"
+
+    return render(request, "login.html", ctx)


 def is_admin(user):