Commit 5d85fab2 by Carlos Andrés Rocha

Fix django auth login redirection

The django authentication decorator login_required, redirects to
settings.LOGIN_URL. If it is missing, it redirects to /accounts/login.

We did not have the setting enable, not a proper page where to
redirect. This cause users not logged in to see a 404 error when
accessing courseware directly, by using a link or a bookmark.

[#41499213]
parent 89527281
...@@ -333,6 +333,18 @@ def change_enrollment(request): ...@@ -333,6 +333,18 @@ def change_enrollment(request):
return {'success': False, 'error': 'We weren\'t able to unenroll you. Please try again.'} return {'success': False, 'error': 'We weren\'t able to unenroll you. Please try again.'}
@ensure_csrf_cookie
def accounts_login(request, error=""):
return_to = ''
return render_to_response('accounts_login.html', {
'error': error,
'return_to': return_to
})
# Need different levels of logging # Need different levels of logging
@ensure_csrf_cookie @ensure_csrf_cookie
def login_user(request, error=""): def login_user(request, error=""):
......
...@@ -187,6 +187,9 @@ DEBUG_TRACK_LOG = False ...@@ -187,6 +187,9 @@ DEBUG_TRACK_LOG = False
MITX_ROOT_URL = '' MITX_ROOT_URL = ''
LOGIN_REDIRECT_URL = MITX_ROOT_URL + '/accounts/login'
LOGIN_URL = MITX_ROOT_URL + '/accounts/login'
COURSE_NAME = "6.002_Spring_2012" COURSE_NAME = "6.002_Spring_2012"
COURSE_NUMBER = "6.002x" COURSE_NUMBER = "6.002x"
COURSE_TITLE = "Circuits and Electronics" COURSE_TITLE = "Circuits and Electronics"
......
<%! from django.core.urlresolvers import reverse %>
<%inherit file="main.html" />
<%namespace name='static' file='static_content.html'/>
<%block name="headextra">
<style type="text/css">
.login-box {
display: block;
position: relative;
left: 0;
margin: 100px auto;
top: 0;
z-index: 200;
}
.login-box input[type=submit] {
white-space: normal;
height: auto !important;
}
#lean_overlay {
display: block;
position: fixed;
left: 0px;
top: 0px;
z-index: 100;
width:100%;
height:100%;
}
</style>
</%block>
<section id="login-modal" class="modal login-modal login-box">
<div class="inner-wrapper">
<header>
<h2>Log In</h2>
<hr>
</header>
<form id="login_form" class="login_form" method="post" data-remote="true" action="/login">
<label>E-mail</label>
<input name="email" type="email">
<label>Password</label>
<input name="password" type="password">
<label class="remember-me">
<input name="remember" type="checkbox" value="true">
Remember me
</label>
<div class="submit">
<input name="submit" type="submit" value="Access My Courses">
</div>
</form>
<section class="login-extra">
<p>
<span>Not enrolled? <a href="#signup-modal" class="close-login" rel="leanModal">Sign up.</a></span>
<a href="#forgot-password-modal" rel="leanModal" class="pwd-reset">Forgot password?</a>
</p>
% if settings.MITX_FEATURES.get('AUTH_USE_OPENID'):
<p>
<a href="${MITX_ROOT_URL}/openid/login/">login via openid</a>
</p>
% endif
</section>
<div class="close-modal">
<div class="inner">
<p>&#10005;</p>
</div>
</div>
</div>
</section>
<script type="text/javascript">
(function() {
$(document).delegate('#login_form', 'ajax:success', function(data, json, xhr) {
if(json.success) {
next = getParameterByName('next');
if(next) {
location.href = next;
} else {
location.href = "${reverse('dashboard')}";
}
} else {
if($('#login_error').length == 0) {
$('#login_form').prepend('<div id="login_error" class="modal-form-error"></div>');
}
$('#login_error').html(json.value).stop().css("display", "block");
}
});
})(this)
</script>
...@@ -37,6 +37,8 @@ urlpatterns = ('', ...@@ -37,6 +37,8 @@ urlpatterns = ('',
url(r'^event$', 'track.views.user_track'), url(r'^event$', 'track.views.user_track'),
url(r'^t/(?P<template>[^/]*)$', 'static_template_view.views.index'), # TODO: Is this used anymore? What is STATIC_GRAB? url(r'^t/(?P<template>[^/]*)$', 'static_template_view.views.index'), # TODO: Is this used anymore? What is STATIC_GRAB?
url(r'^accounts/login$', 'student.views.accounts_login', name="accounts_login"),
url(r'^login$', 'student.views.login_user', name="login"), url(r'^login$', 'student.views.login_user', name="login"),
url(r'^login/(?P<error>[^/]*)$', 'student.views.login_user'), url(r'^login/(?P<error>[^/]*)$', 'student.views.login_user'),
url(r'^logout$', 'student.views.logout_user', name='logout'), url(r'^logout$', 'student.views.logout_user', name='logout'),
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment