Merge pull request #783 from SchrodingersGat/redirect-tweaks

Redirect tweaks
2024-08-30 18:33:04 +00:00 · 2020-05-04 08:58:35 +10:00 · 2020-05-04 08:58:35 +10:00 · 78cc3a9cf3
commit 78cc3a9cf3
parent 461d694cf8 436fb3bf30
2 changed files with 9 additions and 8 deletions
--- a/InvenTree/InvenTree/middleware.py
+++ b/InvenTree/InvenTree/middleware.py
@ -2,8 +2,6 @@ from django.shortcuts import HttpResponseRedirect
 from django.urls import reverse_lazy
 from django.db import connection
 from django.shortcuts import redirect
-from django.conf import settings
-from django.shortcuts import redirect
 import logging
 import time
 import operator
@ -58,7 +56,7 @@ class AuthRequiredMiddleware(object):
                    # Does the provided token match a valid user?
                    if Token.objects.filter(key=token).exists():

-                        allowed = ['/media/', '/static/']
+                        allowed = ['/api/', '/media/', '/static/']

                        # Only allow token-auth for /media/ or /static/ dirs!
                        if any([request.path_info.startswith(a) for a in allowed]):
@ -66,10 +64,16 @@ class AuthRequiredMiddleware(object):

            # No authorization was found for the request
            if not authorized:
+                # A logout request will redirect the user to the login screen
                if request.path_info == reverse_lazy('logout'):
                    return HttpResponseRedirect(reverse_lazy('login'))
-                if not request.path_info == reverse_lazy('login') and not request.path_info.startswith('/api/'):
-                    return redirect('%s?next=%s' % (settings.LOGIN_URL, request.path))
+
+                login = reverse_lazy('login')
+
+                if not request.path_info == login and not request.path_info.startswith('/api/'):
+                    # Save the 'next' parameter to pass through to the login view
+
+                    return redirect('%s?next=%s' % (login, request.path))

        # Code to be executed for each request/response after
        # the view is called.
--- a/InvenTree/InvenTree/settings.py
+++ b/InvenTree/InvenTree/settings.py
@ -39,9 +39,6 @@ else:
    with open(cfg_filename, 'r') as cfg:
        CONFIG = yaml.safe_load(cfg)

-#provide a default login url
-LOGIN_URL = "/login"
-
 # Read the autogenerated key-file
 key_file = open(os.path.join(BASE_DIR, 'secret_key.txt'), 'r')