Merge pull request #783 from SchrodingersGat/redirect-tweaks

Redirect tweaks
Oliver 2020-05-04 08:58:35 +10:00 committed by GitHub
commit 78cc3a9cf3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 8 deletions


@ -2,8 +2,6 @@ from django.shortcuts import HttpResponseRedirect
from django.urls import reverse_lazy from django.urls import reverse_lazy
from django.db import connection from django.db import connection
from django.shortcuts import redirect from django.shortcuts import redirect
from django.conf import settings
from django.shortcuts import redirect
import logging import logging
import time import time
import operator import operator
@ -58,7 +56,7 @@ class AuthRequiredMiddleware(object):
# Does the provided token match a valid user? # Does the provided token match a valid user?
if Token.objects.filter(key=token).exists(): if Token.objects.filter(key=token).exists():
allowed = ['/media/', '/static/'] allowed = ['/api/', '/media/', '/static/']
# Only allow token-auth for /media/ or /static/ dirs! # Only allow token-auth for /media/ or /static/ dirs!
if any([request.path_info.startswith(a) for a in allowed]): if any([request.path_info.startswith(a) for a in allowed]):
@ -66,10 +64,16 @@ class AuthRequiredMiddleware(object):
# No authorization was found for the request # No authorization was found for the request
if not authorized: if not authorized:
# A logout request will redirect the user to the login screen
if request.path_info == reverse_lazy('logout'): if request.path_info == reverse_lazy('logout'):
return HttpResponseRedirect(reverse_lazy('login')) return HttpResponseRedirect(reverse_lazy('login'))
if not request.path_info == reverse_lazy('login') and not request.path_info.startswith('/api/'):
return redirect('%s?next=%s' % (settings.LOGIN_URL, request.path)) login = reverse_lazy('login')
if not request.path_info == login and not request.path_info.startswith('/api/'):
# Save the 'next' parameter to pass through to the login view
return redirect('%s?next=%s' % (login, request.path))
# Code to be executed for each request/response after # Code to be executed for each request/response after
# the view is called. # the view is called.
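Review bot: In the third hunk, `request.path` is interpolated into the `next` query parameter without URL-encoding, so a path containing `&`, `#` or `%` reaches the login view truncated or altered. Encoding the value, e.g. `return redirect('%s?%s' % (login, urlencode({'next': request.path})))` with `from django.utils.http import urlencode`, keeps it intact. The login view that consumes `next` is not part of this diff; it should check the target with `url_has_allowed_host_and_scheme` (`is_safe_url` on older Django) before redirecting. Separately, the comment `# Only allow token-auth for /media/ or /static/ dirs!` in the second hunk no longer matches the list now that `/api/` is included, and should read something like `# Only allow token-auth for /api/, /media/ or /static/ paths`. The enclosing middleware method starts and ends outside these hunks.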


@ -39,9 +39,6 @@ else:
with open(cfg_filename, 'r') as cfg: with open(cfg_filename, 'r') as cfg:
CONFIG = yaml.safe_load(cfg) CONFIG = yaml.safe_load(cfg)
#provide a default login url
LOGIN_URL = "/login"
# Read the autogenerated key-file # Read the autogenerated key-file
key_file = open(os.path.join(BASE_DIR, 'secret_key.txt'), 'r') key_file = open(os.path.join(BASE_DIR, 'secret_key.txt'), 'r')