diff --git a/InvenTree/InvenTree/middleware.py b/InvenTree/InvenTree/middleware.py index d68db75de8..26cbc95bbf 100644 --- a/InvenTree/InvenTree/middleware.py +++ b/InvenTree/InvenTree/middleware.py @@ -2,8 +2,6 @@ from django.shortcuts import HttpResponseRedirect from django.urls import reverse_lazy from django.db import connection from django.shortcuts import redirect -from django.conf import settings -from django.shortcuts import redirect import logging import time import operator @@ -58,7 +56,7 @@ class AuthRequiredMiddleware(object): # Does the provided token match a valid user? if Token.objects.filter(key=token).exists(): - allowed = ['/media/', '/static/'] + allowed = ['/api/', '/media/', '/static/'] # Only allow token-auth for /media/ or /static/ dirs! if any([request.path_info.startswith(a) for a in allowed]): @@ -66,10 +64,16 @@ class AuthRequiredMiddleware(object): # No authorization was found for the request if not authorized: + # A logout request will redirect the user to the login screen if request.path_info == reverse_lazy('logout'): return HttpResponseRedirect(reverse_lazy('login')) - if not request.path_info == reverse_lazy('login') and not request.path_info.startswith('/api/'): - return redirect('%s?next=%s' % (settings.LOGIN_URL, request.path)) + + login = reverse_lazy('login') + + if not request.path_info == login and not request.path_info.startswith('/api/'): + # Save the 'next' parameter to pass through to the login view + + return redirect('%s?next=%s' % (login, request.path)) # Code to be executed for each request/response after # the view is called. diff --git a/InvenTree/InvenTree/settings.py b/InvenTree/InvenTree/settings.py index 30ff234598..797924fd36 100644 --- a/InvenTree/InvenTree/settings.py +++ b/InvenTree/InvenTree/settings.py 
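Review bot: In the `@@ -58,7 +56,7 @@` hunk of middleware.py the comment below the changed line still reads "Only allow token-auth for /media/ or /static/ dirs!" although `/api/` is now in `allowed`; update it to `# Only allow token-auth for /api/, /media/ or /static/ paths!`. The visible check, `Token.objects.filter(key=token).exists()`, only confirms that some token with that key exists and does not tie the request to the token's owner, so the API views presumably still need their own authentication and permission classes rather than relying on this middleware gate. How `token` is read from the request and what follows the `if any(...)` line are outside the hunk, so confirm the token is not accepted from a location that ends up in access logs.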
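Review bot: In the `@@ -66,10 +64,16 @@` hunk of middleware.py `request.path` is interpolated into the `next` query parameter without URL-encoding, so a path containing `&`, `#` or `%` reaches the login view altered or truncated; quote it, e.g. `return redirect('%s?next=%s' % (login, quote(request.path)))` with `from urllib.parse import quote` added to the imports. The login view is not shown here, so confirm it only follows a `next` value that stays on the same host before redirecting to it. The new comment `# Save the 'next' parameter ...` is separated from the `return` it describes by a blank line and would read better directly above it, and `request.path_info != login` is clearer than `not ... == ...`. The settings.py hunk in this commit deletes `LOGIN_URL`, so any other code that relies on Django's login redirect would fall back to the framework default of `/accounts/login/`; keeping `LOGIN_URL = 'login'` in settings would avoid that.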
@@ -39,9 +39,6 @@ else: with open(cfg_filename, 'r') as cfg: CONFIG = yaml.safe_load(cfg) -#provide a default login url -LOGIN_URL = "/login" - # Read the autogenerated key-file key_file = open(os.path.join(BASE_DIR, 'secret_key.txt'), 'r')