Merge pull request #526 from akvo/feature/301_sign_in_redirect

[#301] Added URLs blacklist for redirection
akvo · Apr 28, 2014 · 9800692 · 9800692
2 parents ce60cc6 + 7372c74
commit 9800692
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 5 deletions.
diff --git a/akvo/rsr/views.py b/akvo/rsr/views.py
@@ -412,9 +412,16 @@ def partners_widget(request, org_type='all'):
 def login(request, template_name='registration/login.html', redirect_field_name=REDIRECT_FIELD_NAME):
     "Displays the login form and handles the login action."
     redirect_to = request.REQUEST.get(redirect_field_name, '')
-    # Check for exeptions to the return to start of sign in process
-    if redirect_to == "/accounts/register/complete/":
-        redirect_to = "/home"
+
+    # Non logical URLs for redirection after signing in
+    redirect_blacklist = [reverse('signin'),
+                          reverse('signout'),
+                          reverse('register1'),
+                          reverse('register2'),
+                          reverse('registration_update_complete')]
+
+    if redirect_to in redirect_blacklist:
+        redirect_to = "/"
 
     if request.method == "POST":
         form = AuthenticationForm(data=request.POST)

diff --git a/akvo/rsr/views_partner_sites/auth.py b/akvo/rsr/views_partner_sites/auth.py
@@ -42,7 +42,15 @@ def dispatch(self, *args, **kwargs):
     def form_valid(self, form):
         """On valid form login and redirect the user to the appropriate url"""
         login(self.request, form.get_user())
-        return HttpResponseRedirect(self.request.POST.get('next', '/'))
+
+        redirect_blacklist = [reverse('sign_in'),
+                              reverse('sign_out')]
+
+        redirect_to = self.request.POST.get('next', '/')
+        if redirect_to in redirect_blacklist:
+            redirect_to = "/"
+
+        return HttpResponseRedirect(redirect_to)
 
     def get_context_data(self, **kwargs):
         context = super(SignInView, self).get_context_data(**kwargs)
@@ -88,8 +96,8 @@ def _get_redirect_url(self):
         hostname = self.request.partner_site.hostname
         app_domain = getattr(settings, 'AKVOAPP_DOMAIN', 'akvoapp.org')
         request_path = self.request.get_full_path()
-        url = 'http://%s.%s%s' % (hostname, app_domain, request_path)
 
+        url = 'http://%s.%s%s' % (hostname, app_domain, request_path)
         if getattr(settings, 'HTTPS_SUPPORT', True):
             return url.replace('http://', 'https://')
         return url