Update web/core/views.py
This commit is contained in:
+9
-4
@@ -54,17 +54,21 @@ EXPECTED_HEADERS = [
|
|||||||
]
|
]
|
||||||
|
|
||||||
def login_view(request):
|
def login_view(request):
|
||||||
# Already logged into Django
|
# If Django session already exists, go to app
|
||||||
if request.user.is_authenticated:
|
if request.user.is_authenticated:
|
||||||
return redirect("search")
|
return redirect("search")
|
||||||
|
|
||||||
# Auto-initiate OIDC only for direct /login access
|
# Only auto-start OIDC if this is a fresh browser visit
|
||||||
if request.method == "GET" and request.path == "/login/":
|
# and NOT a redirect coming from Django itself
|
||||||
|
if (
|
||||||
|
request.method == "GET"
|
||||||
|
and "next" not in request.GET
|
||||||
|
):
|
||||||
return redirect("oidc_authentication_init")
|
return redirect("oidc_authentication_init")
|
||||||
|
|
||||||
|
# Fallback: show login page (rare, but prevents loops)
|
||||||
ctx = {}
|
ctx = {}
|
||||||
|
|
||||||
# Optional local login fallback
|
|
||||||
if request.method == "POST":
|
if request.method == "POST":
|
||||||
u = request.POST.get("username")
|
u = request.POST.get("username")
|
||||||
p = request.POST.get("password")
|
p = request.POST.get("password")
|
||||||
@@ -77,6 +81,7 @@ def login_view(request):
|
|||||||
return render(request, "login.html", ctx)
|
return render(request, "login.html", ctx)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def is_admin(user):
|
def is_admin(user):
|
||||||
return user.is_superuser or user.is_staff
|
return user.is_superuser or user.is_staff
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user