Small tweak for login redirect

InvenTree/InvenTree/middleware.py

@@ -58,7 +58,7 @@ class AuthRequiredMiddleware(object):
                     # Does the provided token match a valid user?
                     if Token.objects.filter(key=token).exists():
 
-                        allowed = ['/media/', '/static/']
+                        allowed = ['/api/', '/media/', '/static/']
 
                         # Only allow token-auth for /media/ or /static/ dirs!
                         if any([request.path_info.startswith(a) for a in allowed]):
@@ -66,10 +66,16 @@ class AuthRequiredMiddleware(object):
 
             # No authorization was found for the request
             if not authorized:
+                # A logout request will redirect the user to the login screen
                 if request.path_info == reverse_lazy('logout'):
                     return HttpResponseRedirect(reverse_lazy('login'))
-                if not request.path_info == reverse_lazy('login') and not request.path_info.startswith('/api/'):
+
-                    return redirect('%s?next=%s' % (settings.LOGIN_URL, request.path))
+                login = reverse_lazy('login')
+
+                if not request.path_info == login and not request.path_info.startswith('/api/'):
+                    # Save the 'next' parameter to pass through to the login view
+
+                    return redirect('%s?next=%s' % (login, request.path))
 
         # Code to be executed for each request/response after
         # the view is called.

InvenTree/InvenTree/settings.py

@@ -39,9 +39,6 @@ else:
     with open(cfg_filename, 'r') as cfg:
         CONFIG = yaml.safe_load(cfg)
 
-#provide a default login url
-LOGIN_URL = "/login"
-
 # Read the autogenerated key-file
 key_file = open(os.path.join(BASE_DIR, 'secret_key.txt'), 'r')