When a user accesses a URL which requires login, the view decorator redirects to the login page. After the user enters his username and password, how can I redirect the user to t
The accepted answer does check for the next parameter redirecting to an external site. For many applications that would be a security issue. Django has that functionality built in, in the form of the django.utils.http.is_safe_url function. It can be used like this:

from django.conf import settings
from django.shortcuts import redirect
# Renamed to url_has_allowed_host_and_scheme in Django 3.0; is_safe_url was removed in Django 4.0.
from django.utils.http import is_safe_url


def redirect_after_login(request):
    nxt = request.GET.get("next", None)
    if nxt is None:
        return redirect(settings.LOGIN_REDIRECT_URL)
    elif not is_safe_url(
            url=nxt,
            allowed_hosts={request.get_host()},
            require_https=request.is_secure()):
        return redirect(settings.LOGIN_REDIRECT_URL)
    else:
        return redirect(nxt)


def my_login_view(request):
    # TODO: Check if it's ok to login.
    # Then either safely redirect or go to the default start page.
    return redirect_after_login(request)

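What a check on next has to reject, as an added example that is not part of the original answer and is not Django's implementation: a simplified, standard-library-only stand-in run over constructed values. The names is_safe_next, _check, accepted and SAMPLES are hypothetical, and example.com and evil.example are placeholder hosts.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed ?next= values; example.com stands in for the site's own host.
SAMPLES = ["/accounts/profile/", "https://example.com/dashboard",
           "http://example.com/dashboard", "https://evil.example/",
           "//evil.example/path", "/\\evil.example", "///evil.example",
           "https://example.com@evil.example/", "javascript:alert(1)"]


def _check(url, allowed_hosts, require_https):
    # "///host" is a path to urlsplit but a host to browsers.
    if url.startswith("///"):
        return False
    # A leading control character can hide the scheme from the parser.
    if unicodedata.category(url[0])[0] == "C":
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    # A scheme with no host ("javascript:...", "https:evil") is not a path.
    if parts.scheme and not parts.netloc:
        return False
    if not parts.netloc:
        return True  # plain relative path
    schemes = {"https"} if require_https else {"http", "https"}
    return parts.netloc in allowed_hosts and (
        not parts.scheme or parts.scheme in schemes)


def is_safe_next(url, allowed_hosts, require_https=False):
    """True only for a relative path or a URL on one of allowed_hosts."""
    url = (url or "").strip()
    if not url:
        return False
    # Browsers treat "\" like "/", so test the backslash-normalised form too.
    return all(_check(u, allowed_hosts, require_https)
               for u in (url, url.replace("\\", "/")))


def accepted(samples, allowed_hosts, require_https=False):
    return [u for u in samples if is_safe_next(u, allowed_hosts, require_https)]


if __name__ == "__main__":
    for u in SAMPLES:
        print(is_safe_next(u, {"example.com"}, require_https=True), repr(u))
```

In a Django project, use the framework's own check as in the answer above rather than this stand-in.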
Passing next to the login form and then having the form pass that value on to the view in a hidden input can be a bit convoluted.
As an alternative, it's possible to use django.core.cache here.
This way there is no need to pass anything extra to the form or to give the form an extra input field.
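
from django.contrib.auth import login
from django.core.cache import cache
from django.http import HttpResponseRedirect
from django.shortcuts import render


def login_view(request):
    if request.method == 'GET':
        # Stored under the single cache key 'next', which every request shares.
        cache.set('next', request.GET.get('next', None))

    if request.method == 'POST':
        # do your checks here (authenticate and obtain `user`)
        login(request, user)

        next_url = cache.get('next')
        if next_url:
            cache.delete('next')
            # next_url is used as received; no host check is applied here.
            return HttpResponseRedirect(next_url)

    return render(request, 'account/login.html')
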
This actually works for me quite nicely:
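
from urllib.parse import urlencode

from django.shortcuts import redirect


def login(request):
    nxt = request.GET.get("next", None)
    url = '/admin/login/'
    if nxt is not None:
        # URL-encode the value so a next containing ?, & or # survives intact.
        url += '?' + urlencode({'next': nxt})
    return redirect(url)
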
If the previous URL contained next, call the "login" URL and append the previous "next" to it. Then, when you have logged in, you'll continue with the page that was previously intended to be next.
In my project I made the following helper which works for Swagger login/logout:
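
from urllib.parse import urlencode

from django.shortcuts import redirect


def _redirect(request, url):
    nxt = request.GET.get("next", None)
    if nxt is not None:
        # URL-encode the value so a next containing ?, & or # survives intact.
        url += '?' + urlencode({'next': nxt})
    return redirect(url)


def login(request):
    return _redirect(request, '/admin/login/')


def logout(request):
    return _redirect(request, '/admin/logout/')
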
You can try simply adding this input field before the submit button in the accounts/login.html template:
<input type="hidden" name="next" value="{{ request.GET.next }}"/>
You can try:
return redirect(self.request.GET.get('next'))