diff --git a/InvenTree/InvenTree/test_views.py b/InvenTree/InvenTree/test_views.py
index 79c029941d..bab93e69eb 100644
--- a/InvenTree/InvenTree/test_views.py
+++ b/InvenTree/InvenTree/test_views.py
@@ -119,3 +119,16 @@ class ViewTests(InvenTreeTestCase):
 for panel in staff_panels + plugin_panels:
 self.assertNotIn(f"select-{panel}", content)
 self.assertNotIn(f"panel-{panel}", content)
+
+ def test_url_login(self):
+ """Test logging in via arguments"""
+
+ # Log out
+ self.client.logout()
+ response = self.client.get("/index/")
+ self.assertEqual(response.status_code, 302)
+
+ # Try login with url
+ response = self.client.get(f"/accounts/login/?next=/&login={self.username}&password={self.password}")
+ self.assertEqual(response.status_code, 302)
+ self.assertEqual(response.url, '/')
diff --git a/InvenTree/InvenTree/urls.py b/InvenTree/InvenTree/urls.py
index 55e18e73c7..a4a64f3ad8 100644
--- a/InvenTree/InvenTree/urls.py
+++ b/InvenTree/InvenTree/urls.py
@@ -32,7 +32,7 @@ from users.api import user_urls
 from .api import InfoView, NotFoundView
 from .views import (AboutView, AppearanceSelectView, CurrencyRefreshView,
- CustomConnectionsView, CustomEmailView,
+ CustomConnectionsView, CustomEmailView, CustomLoginView,
 CustomPasswordResetFromKeyView,
 CustomSessionDeleteOtherView, CustomSessionDeleteView,
 CustomTwoFactorRemove, DatabaseStatsView, DynamicJsView,
@@ -168,6 +168,9 @@ frontendpatterns = [
 # See https://github.com/inventree/InvenTree/security/advisories/GHSA-8j76-mm54-52xq
 re_path(r'^accounts/two_factor/remove/?$', CustomTwoFactorRemove.as_view(), name='two-factor-remove'),
+ # Override login page
+ re_path("accounts/login/", CustomLoginView.as_view(), name="account_login"),
+
 re_path(r'^accounts/', include('allauth_2fa.urls')), # MFA support
 re_path(r'^accounts/', include('allauth.urls')), # included urlpatterns
 ]
diff --git a/InvenTree/InvenTree/views.py b/InvenTree/InvenTree/views.py
index 6c2b0e8779..ecb6085cb7 100644
--- a/InvenTree/InvenTree/views.py
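Review bot: `test_url_login` in `test_views.py` only exercises the successful case, so nothing pins what the new view does when the URL carries a wrong or missing password. A second test that requests `/accounts/login/?next=/&login={self.username}&password=<wrong-value>` would guard the failure path. It should assert that the response is not a server error and that a following `self.client.get("/index/")` still returns 302. The docstring could also state the expectation, for example `"""URL-argument login redirects to next on valid credentials."""`.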
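Review bot: In `urls.py`, the new `re_path("accounts/login/", ...)` pattern is not anchored, and Django matches a `re_path` without `^`/`$` with a regex search. Any request path that merely contains `accounts/login/` is therefore routed to `CustomLoginView` unless an earlier pattern claims it. Anchoring it like the neighbouring two-factor override keeps the credential-handling view on exactly one URL: `re_path(r'^accounts/login/$', CustomLoginView.as_view(), name='account_login'),`. The comment above it could also say why the override exists, for example `# Override login page to allow login via URL arguments (see CustomLoginView)`. The `frontendpatterns` list starts above this hunk.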
+++ b/InvenTree/InvenTree/views.py
@@ -24,7 +24,8 @@ from django.views.generic.base import RedirectView, TemplateView
 from allauth.account.forms import AddEmailForm
 from allauth.account.models import EmailAddress
-from allauth.account.views import EmailView, PasswordResetFromKeyView
+from allauth.account.views import (EmailView, LoginView,
+ PasswordResetFromKeyView)
 from allauth.socialaccount.forms import DisconnectForm
 from allauth.socialaccount.views import ConnectionsView
 from allauth_2fa.views import TwoFactorRemove
@@ -700,6 +701,23 @@ class CustomSessionDeleteOtherView(UserSessionOverride, SessionDeleteOtherView):
 pass
+class CustomLoginView(LoginView):
+ """Custom login view that allows login with urlargs."""
+
+ def get(self, request, *args, **kwargs):
+ """Extendend get to allow for auth via url args."""
+ # Check if login is present
+ if 'login' in request.GET:
+ # Initiate form
+ form = self.get_form_class()(request.GET.dict(), request=request)
+
+ # Try to login
+ form.full_clean()
+ return form.login(request)
+
+ return super().get(request, *args, **kwargs)
+
+
 class CurrencyRefreshView(RedirectView):
 """POST endpoint to refresh / update exchange rates."""
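Review bot: In `CustomLoginView.get`, the result of `form.full_clean()` is never checked, so `form.login(request)` runs even when the supplied credentials failed validation. With allauth's login form that most likely means acting on a form with no authenticated user, which would surface as a server error rather than the login page with its errors. Branching on validity and reusing the view's own handlers keeps the normal error rendering and redirect handling: `if form.is_valid(): return self.form_valid(form)` followed by `return self.form_invalid(form)`. Separately, this path accepts the password in the query string, where it is recorded in web-server and proxy access logs and in browser history, and it authenticates on a GET without a CSRF token. I would put it behind an opt-in setting that defaults to off and state that trade-off in a comment above the `if 'login' in request.GET:` line; the docstring typo `Extendend` can be fixed at the same time.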