Update web/core/views.py

2026-01-10 00:19:21 +00:00 · 2026-01-10 00:19:21 +00:00 · e18807f8f8
commit e18807f8f8
parent 03ddc93780
1 changed files with 9 additions and 4 deletions
--- a/web/core/views.py
+++ b/web/core/views.py
@ -54,17 +54,21 @@ EXPECTED_HEADERS = [
 ]

 def login_view(request):
-    # Already logged into Django
+    # If Django session already exists, go to app
    if request.user.is_authenticated:
        return redirect("search")

-    # Auto-initiate OIDC only for direct /login access
-    if request.method == "GET" and request.path == "/login/":
+    # Only auto-start OIDC if this is a fresh browser visit
+    # and NOT a redirect coming from Django itself
+    if (
+        request.method == "GET"
+        and "next" not in request.GET
+    ):
        return redirect("oidc_authentication_init")

+    # Fallback: show login page (rare, but prevents loops)
    ctx = {}

-    # Optional local login fallback
    if request.method == "POST":
        u = request.POST.get("username")
        p = request.POST.get("password")
@ -77,6 +81,7 @@ def login_view(request):
    return render(request, "login.html", ctx)


+
 def is_admin(user):
    return user.is_superuser or user.is_staff