All geek questions in one place

Django 1.2: login issue (GET parameter: next)

I have a new question about django (I am posting the lost ones these days ^^).

Here is my situation: I have a custom login view (registered as the settings login URL) where I authenticate users. I decided to do a custom scan to be able to add messages and log.

Authentication works well, but I have a problem with the GET parameter "next". It is automatically installed using views that redirect users to authenticate. It is used in my view to redirect the user after a successful login.

Here is the code:

from django.http import HttpResponse
from django.core.urlresolvers import reverse
from django.http import HttpResponseRedirect
from django.shortcuts import render_to_response
from django.utils.translation import ugettext as _
from django.contrib import messages
from django.template import RequestContext
from django.contrib.auth import authenticate, login, logout

import logging
logger = logging.getLogger("views")

def login_user(request):
    """
    Displays the login form or authenticates the user if called by POST.
    """
    accepted = False

    next = request.GET.get('next', None)

    if not request.user.is_authenticated():
        if request.POST:
            # Get the form data and check the user credentials
            username = request.POST['username']
            password = request.POST['password']
            user = authenticate(username=username, password=password)

            if user is not None:
                if user.is_active:
                    # Log the user in
                    login(request, user)
                    logger.info("Login of user : %s", user.username)

                    # Confirm the login
                    messages.success(request,_('Login successful. Welcome !'))
                    accepted = True
                else:
                    messages.error(request,_('This account has been disabled by the administrator.'))
            else:
                messages.warning(request,_('The given username or password is invalid. Please try again.'))
    else:
        # If already authenticated
        accepted = True

    # Choose where to go
    if accepted:
        return HttpResponse(next)
        if next:
            return HttpResponseRedirect(next)
        else:
            return HttpResponseRedirect(reverse('myview'))
    else:
        return render_to_response('login.html',
                                    context_instance=RequestContext(request))

The next parameter is correct when the user accesses the login window when he is already authenticated (first time).

/editor/ 25 () , "next" , URL- ( "/editor/25" ).

. , authenticate() login() (django.contrib.auth).

.

+3
2

/editor/ 25 () , "next" , URL- ( "/editor/25" ).

. , URL ?next=/editor/25/ ? request.GET , .

, next request.GET () . auth module login. , next request.POST POST.

+3

Source: https://habr.com/ru/post/1768019/

More articles:


All Articles