Login with url (#3465)

* [FR] Login should support credentials in url
Fixes #3464
POC

* respect allauth's API

* add tests
Matthias Mair 2022-08-04 01:05:44 +02:00 committed by GitHub
parent a59ac63de4
commit 727a43b7fc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 36 additions and 2 deletions


@ -119,3 +119,16 @@ class ViewTests(InvenTreeTestCase):
for panel in staff_panels + plugin_panels: for panel in staff_panels + plugin_panels:
self.assertNotIn(f"select-{panel}", content) self.assertNotIn(f"select-{panel}", content)
self.assertNotIn(f"panel-{panel}", content) self.assertNotIn(f"panel-{panel}", content)
def test_url_login(self):
"""Test logging in via arguments"""
# Log out
self.client.logout()
response = self.client.get("/index/")
self.assertEqual(response.status_code, 302)
# Try login with url
response = self.client.get(f"/accounts/login/?next=/&login={self.username}&password={self.password}")
self.assertEqual(response.status_code, 302)
self.assertEqual(response.url, '/')
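Review bot: `test_url_login` only exercises the successful login, so nothing pins what happens when the query string carries a wrong password or a `login` with no `password` at all. Add a negative case such as `response = self.client.get(f"/accounts/login/?next=/&login={self.username}&password=wrong")`, assert that it does not redirect to `/`, and then assert that `self.client.get("/index/")` still returns 302. That is the path on which `CustomLoginView.get` calls `form.login(request)` without checking the form, so the test would show whether a failed attempt renders the login page or raises. The enclosing `ViewTests` class starts outside this hunk.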


@ -32,7 +32,7 @@ from users.api import user_urls
from .api import InfoView, NotFoundView from .api import InfoView, NotFoundView
from .views import (AboutView, AppearanceSelectView, CurrencyRefreshView, from .views import (AboutView, AppearanceSelectView, CurrencyRefreshView,
CustomConnectionsView, CustomEmailView, CustomConnectionsView, CustomEmailView, CustomLoginView,
CustomPasswordResetFromKeyView, CustomPasswordResetFromKeyView,
CustomSessionDeleteOtherView, CustomSessionDeleteView, CustomSessionDeleteOtherView, CustomSessionDeleteView,
CustomTwoFactorRemove, DatabaseStatsView, DynamicJsView, CustomTwoFactorRemove, DatabaseStatsView, DynamicJsView,
@ -168,6 +168,9 @@ frontendpatterns = [
# See https://github.com/inventree/InvenTree/security/advisories/GHSA-8j76-mm54-52xq # See https://github.com/inventree/InvenTree/security/advisories/GHSA-8j76-mm54-52xq
re_path(r'^accounts/two_factor/remove/?$', CustomTwoFactorRemove.as_view(), name='two-factor-remove'), re_path(r'^accounts/two_factor/remove/?$', CustomTwoFactorRemove.as_view(), name='two-factor-remove'),
# Override login page
re_path("accounts/login/", CustomLoginView.as_view(), name="account_login"),
re_path(r'^accounts/', include('allauth_2fa.urls')), # MFA support re_path(r'^accounts/', include('allauth_2fa.urls')), # MFA support
re_path(r'^accounts/', include('allauth.urls')), # included urlpatterns re_path(r'^accounts/', include('allauth.urls')), # included urlpatterns
] ]
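Review bot: The new route `re_path("accounts/login/", ...)` is unanchored, unlike the neighbouring `r'^accounts/...'` patterns, and Django resolves `re_path` patterns with a regex search, so any path that merely contains `accounts/login/` would resolve to `CustomLoginView`. Anchor it in the same style as the two-factor override above it: `re_path(r'^accounts/login/?$', CustomLoginView.as_view(), name="account_login"),`. The `# Override login page` comment could also say why the override exists, e.g. `# Override login page: CustomLoginView also accepts credentials passed as URL arguments`, so the security-relevant behaviour is visible where the route is declared. The `frontendpatterns` list starts outside this hunk.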


@ -24,7 +24,8 @@ from django.views.generic.base import RedirectView, TemplateView
from allauth.account.forms import AddEmailForm from allauth.account.forms import AddEmailForm
from allauth.account.models import EmailAddress from allauth.account.models import EmailAddress
from allauth.account.views import EmailView, PasswordResetFromKeyView from allauth.account.views import (EmailView, LoginView,
PasswordResetFromKeyView)
from allauth.socialaccount.forms import DisconnectForm from allauth.socialaccount.forms import DisconnectForm
from allauth.socialaccount.views import ConnectionsView from allauth.socialaccount.views import ConnectionsView
from allauth_2fa.views import TwoFactorRemove from allauth_2fa.views import TwoFactorRemove
@ -700,6 +701,23 @@ class CustomSessionDeleteOtherView(UserSessionOverride, SessionDeleteOtherView):
pass pass
class CustomLoginView(LoginView):
"""Custom login view that allows login with urlargs."""
def get(self, request, *args, **kwargs):
"""Extendend get to allow for auth via url args."""
# Check if login is present
if 'login' in request.GET:
# Initiate form
form = self.get_form_class()(request.GET.dict(), request=request)
# Try to login
form.full_clean()
return form.login(request)
return super().get(request, *args, **kwargs)
class CurrencyRefreshView(RedirectView): class CurrencyRefreshView(RedirectView):
"""POST endpoint to refresh / update exchange rates.""" """POST endpoint to refresh / update exchange rates."""
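Review bot: In `CustomLoginView.get` the result of `form.full_clean()` is never checked, so `form.login(request)` is still called when the password is wrong or missing; guard it with `if form.is_valid(): return form.login(request)` and let the invalid case fall through to `super().get(request, *args, **kwargs)`. Taking the password from `request.GET` also puts the credential in the request URL, which commonly ends up in web-server and proxy access logs, browser history and `Referer` headers. Because the login now happens on a GET, Django's CSRF middleware does not check it, so a cross-site link can establish a session in the visitor's browser. The docstring should state both properties, and the behaviour would be safer behind a setting that defaults to off, with log scrubbing of the `password` parameter recommended where it is enabled. This page does not show whether allauth's 2FA step still applies on this path, so a test with a 2FA-enabled user would be worth adding.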