Small tweak for login redirect

This commit is contained in:
Oliver Walters 2020-05-04 08:53:47 +10:00
parent 461d694cf8
commit 2c44104c9c
2 changed files with 9 additions and 6 deletions

View File

@ -58,7 +58,7 @@ class AuthRequiredMiddleware(object):
# Does the provided token match a valid user?
if Token.objects.filter(key=token).exists():
allowed = ['/media/', '/static/']
allowed = ['/api/', '/media/', '/static/']
# Only allow token-auth for /media/ or /static/ dirs!
if any([request.path_info.startswith(a) for a in allowed]):
@ -66,10 +66,16 @@ class AuthRequiredMiddleware(object):
# No authorization was found for the request
if not authorized:
# A logout request will redirect the user to the login screen
if request.path_info == reverse_lazy('logout'):
return HttpResponseRedirect(reverse_lazy('login'))
if not request.path_info == reverse_lazy('login') and not request.path_info.startswith('/api/'):
return redirect('%s?next=%s' % (settings.LOGIN_URL, request.path))
login = reverse_lazy('login')
if not request.path_info == login and not request.path_info.startswith('/api/'):
# Save the 'next' parameter to pass through to the login view
return redirect('%s?next=%s' % (login, request.path))
# Code to be executed for each request/response after
# the view is called.

View File

@ -39,9 +39,6 @@ else:
with open(cfg_filename, 'r') as cfg:
CONFIG = yaml.safe_load(cfg)
#provide a default login url
LOGIN_URL = "/login"
# Read the autogenerated key-file
key_file = open(os.path.join(BASE_DIR, 'secret_key.txt'), 'r')