mirror of
https://github.com/inventree/InvenTree
synced 2024-08-30 18:33:04 +00:00
Login with url (#3465)
* [FR] Login should support credentials in url Fixes #3464 POC * respect allauth's API * add tests
parent
a59ac63de4
commit
727a43b7fc
@ -119,3 +119,16 @@ class ViewTests(InvenTreeTestCase):
|
||||
for panel in staff_panels + plugin_panels:
|
||||
self.assertNotIn(f"select-{panel}", content)
|
||||
self.assertNotIn(f"panel-{panel}", content)
|
||||
|
||||
def test_url_login(self):
|
||||
"""Test logging in via arguments"""
|
||||
|
||||
# Log out
|
||||
self.client.logout()
|
||||
response = self.client.get("/index/")
|
||||
self.assertEqual(response.status_code, 302)
|
||||
|
||||
# Try login with url
|
||||
response = self.client.get(f"/accounts/login/?next=/&login={self.username}&password={self.password}")
|
||||
self.assertEqual(response.status_code, 302)
|
||||
self.assertEqual(response.url, '/')
|
||||
|
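Review bot: `test_url_login` only exercises the success path; nothing covers a wrong password, or `login` without `password`, which is where `CustomLoginView.get` calls `form.login()` on a form that failed validation. Add a negative test asserting that such a request leaves the client unauthenticated and does not raise, for example by requesting `/accounts/login/?next=/&login=...&password=wrong` and then checking that `/index/` still answers 302. The username and password are also interpolated into the URL unescaped; building the query with `urllib.parse.urlencode` would keep the test valid for credentials containing `&` or `#`. The `ViewTests` class starts outside the hunk.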
@ -32,7 +32,7 @@ from users.api import user_urls
|
||||
|
||||
from .api import InfoView, NotFoundView
|
||||
from .views import (AboutView, AppearanceSelectView, CurrencyRefreshView,
|
||||
CustomConnectionsView, CustomEmailView,
|
||||
CustomConnectionsView, CustomEmailView, CustomLoginView,
|
||||
CustomPasswordResetFromKeyView,
|
||||
CustomSessionDeleteOtherView, CustomSessionDeleteView,
|
||||
CustomTwoFactorRemove, DatabaseStatsView, DynamicJsView,
|
||||
@ -168,6 +168,9 @@ frontendpatterns = [
|
||||
# See https://github.com/inventree/InvenTree/security/advisories/GHSA-8j76-mm54-52xq
|
||||
re_path(r'^accounts/two_factor/remove/?$', CustomTwoFactorRemove.as_view(), name='two-factor-remove'),
|
||||
|
||||
# Override login page
|
||||
re_path("accounts/login/", CustomLoginView.as_view(), name="account_login"),
|
||||
|
||||
re_path(r'^accounts/', include('allauth_2fa.urls')), # MFA support
|
||||
re_path(r'^accounts/', include('allauth.urls')), # included urlpatterns
|
||||
]
|
||||
|
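Review bot: The new pattern `re_path("accounts/login/", ...)` is unanchored, unlike the `r'^accounts/two_factor/remove/?$'` entry just above it, so any path that merely contains `accounts/login/` and is not claimed by an earlier pattern would resolve to `CustomLoginView`. Anchor it, e.g. `re_path(r'^accounts/login/$', CustomLoginView.as_view(), name="account_login"),`, so that only the intended URL overrides allauth's `account_login`. The comment `# Override login page` could also state that the override exists to accept credentials from the query string, since that is the security-relevant reason for it. The `frontendpatterns` list starts outside the hunk.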
@ -24,7 +24,8 @@ from django.views.generic.base import RedirectView, TemplateView
|
||||
|
||||
from allauth.account.forms import AddEmailForm
|
||||
from allauth.account.models import EmailAddress
|
||||
from allauth.account.views import EmailView, PasswordResetFromKeyView
|
||||
from allauth.account.views import (EmailView, LoginView,
|
||||
PasswordResetFromKeyView)
|
||||
from allauth.socialaccount.forms import DisconnectForm
|
||||
from allauth.socialaccount.views import ConnectionsView
|
||||
from allauth_2fa.views import TwoFactorRemove
|
||||
@ -700,6 +701,23 @@ class CustomSessionDeleteOtherView(UserSessionOverride, SessionDeleteOtherView):
|
||||
pass
|
||||
|
||||
|
||||
class CustomLoginView(LoginView):
|
||||
"""Custom login view that allows login with urlargs."""
|
||||
|
||||
def get(self, request, *args, **kwargs):
|
||||
"""Extendend get to allow for auth via url args."""
|
||||
# Check if login is present
|
||||
if 'login' in request.GET:
|
||||
# Initiate form
|
||||
form = self.get_form_class()(request.GET.dict(), request=request)
|
||||
|
||||
# Try to login
|
||||
form.full_clean()
|
||||
return form.login(request)
|
||||
|
||||
return super().get(request, *args, **kwargs)
|
||||
|
||||
|
||||
class CurrencyRefreshView(RedirectView):
|
||||
"""POST endpoint to refresh / update exchange rates."""
|
||||
|
||||
|
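Review bot: In `CustomLoginView.get`, `form.login(request)` is called whether or not validation succeeded, because `full_clean()` only populates `form.errors` and nothing here reads it; guard it with `if not form.is_valid(): return super().get(request, *args, **kwargs)` so bad or missing credentials fall back to the normal login page. More fundamentally, taking `login` and `password` from `request.GET` puts the password into the URL, where it is typically retained in access logs, browser history and proxy logs, and it turns authentication into a GET request that is not covered by the CSRF check applied to the POST form. I would put this path behind an explicit opt-in setting that defaults to off and spell out the exposure in the class docstring. Whether allauth's login rate limiting and the 2FA step still apply on this path is not visible from the hunk and should be confirmed.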