
Comments (6)

foarsitter avatar foarsitter commented on June 5, 2024

When applying your proposal I'm facing ERR_TOO_MANY_REDIRECTS.

from cookiecutter-django.

jkaeske avatar jkaeske commented on June 5, 2024

It is true, I did not realize that the first time...
Maybe it is a django-allauth problem?
If I log in as a non-staff member with the snippet from the allauth docs, the too many redirects error is raised.
If I take the current admin.site.login = decorators.login_required(admin.site.login) snippet, I can go around the allauth login flow.


foarsitter avatar foarsitter commented on June 5, 2024

Perhaps we can destroy the current session when this occurs? Then the user is redirected to the correct form with the correct redirect URL.


jkaeske avatar jkaeske commented on June 5, 2024

Something like this would work to check if the user is a staff member and if not automatically perform a logout, display an error message and redirect to the login page:

from django.conf import settings
from django.contrib import admin
from django.contrib import messages
from django.contrib.auth import decorators, logout
from django.shortcuts import redirect

if settings.DJANGO_ADMIN_FORCE_ALLAUTH:
    # Define a custom AdminSite class to check if the user is a staff member
    class CustomAdminSite(admin.AdminSite):
        def login(self, request, extra_context=None):
            if request.user.is_authenticated and not request.user.is_staff:
                logout(request)
                storage = messages.get_messages(request)
                # Clear all other messages first
                storage.used = True
                messages.error(
                    request, "You are not authorized and have been logged out."
                )
                return redirect("account_login")
            return super().login(request, extra_context)

    admin.site = CustomAdminSite()

    # Force the `admin` sign in process to go through the `django-allauth` workflow:
    # https://django-allauth.readthedocs.io/en/stable/advanced.html#admin
    admin.site.login = decorators.login_required(admin.site.login)  # type: ignore[method-assign]

Not sure if you meant something like that.


foarsitter avatar foarsitter commented on June 5, 2024

Exactly what I meant! Do you mind providing a PR (when you do, do not forget to translate the error message)?


jkaeske avatar jkaeske commented on June 5, 2024

Perfect!
No worries, I will do a PR in the next few days :)

