2023-11-30 15:29:29 +01:00
3 changed files with 51 additions and 3 deletions
--- a/src/authentic2/templates/authentic2/logout_confirm.html
+++ b/src/authentic2/templates/authentic2/logout_confirm.html
@ -16,7 +16,7 @@
      {% csrf_token %}
      <input type="hidden" name="next" value="{{ next_url }}">
      <button name="submit">{% trans "Continue" %}</button>
-      <a href="{{ next_url }}">{% trans "Cancel" %}</a>
+      <a href="{{ cancel_url }}">{% trans "Cancel" %}</a>
    </form>
  </p>
 {% endblock %}
--- a/src/authentic2/views.py
+++ b/src/authentic2/views.py
@ -887,9 +887,21 @@ def logout(request, next_url=None, do_local=True, check_referer=True):
    """
    next_url = next_url or utils_misc.select_next_url(request, settings.LOGIN_REDIRECT_URL)

+    cancel_url = utils_misc.select_next_url(request, field_name='cancel', default=next_url)
+
    if request.user.is_authenticated:
+        confirm = False
+        if 'confirm ' in request.GET and request.method == 'GET':
+            confirm = True
+
        if check_referer and not utils_misc.check_referer(request):
-            return render(request, 'authentic2/logout_confirm.html', {'next_url': next_url})
+            confirm = True
+
+        if confirm:
+            return render(
+                request, 'authentic2/logout_confirm.html', {'next_url': next_url, 'cancel_url': cancel_url}
+            )
+
        fragments = logout_list(request)
        do_local = do_local and 'local' in request.GET
        if not do_local and fragments:
@ -1414,6 +1426,14 @@ class BaseRegistrationView(HomeURLMixin, FormView):
        self.token = {}
        self.ou = get_default_ou()
        self.next_url = utils_misc.select_next_url(request, None)
+
+        if request.user.is_authenticated:
+            # if user is currently logged, ask for logout and comme back to registration
+            messages.warning(request, _('If you want to register, you need to logout first.'))
+            return utils_misc.redirect_and_come_back(
+                request, 'auth_logout', params={'confirm': '1', 'cancel': self.next_url}
+            )
+
        # load pre-filled values when registering with email address
        if request.GET.get('token'):
            try:
--- a/tests/test_registration.py
+++ b/tests/test_registration.py
@ -33,7 +33,7 @@ from authentic2.models import Attribute, SMSCode, Token
 from authentic2.utils import misc as utils_misc
 from authentic2.validators import EmailValidator

-from .utils import assert_event, get_link_from_mail
+from .utils import assert_event, get_link_from_mail, login

 User = get_user_model()

@ -736,6 +736,8 @@ def test_registration_link_unique_use(app, db, mailoutbox):
    response = app.get(link)
    response.form.set('password1', 'T0==toto')

+    # Clean sesssion
+    app.session.flush()
    # accessing multiple times work
    response = app.get(link)
    response.form.set('password1', 'T0==toto')
@ -743,6 +745,8 @@ def test_registration_link_unique_use(app, db, mailoutbox):
    response = response.form.submit().follow()
    assert 'You have just created an account.' in response.text

+    # Clean sesssion
+    app.session.flush()
    response = app.get(link)
    assert urlparse(response['Location']).path == reverse('registration_register')
    response = response.follow()
@ -1194,3 +1198,27 @@ def test_registration_email_address_max_length(app, db):
    resp.form['email'] = 'a' * 250 + '@entrouvert.com'
    resp = resp.form.submit()
    assert 'Ensure this value has at most 254 characters (it has 265).' in resp.text
+
+
+def test_already_logged(db, app, simple_user):
+    login(app, simple_user)
+
+    # already logged, if we try to register, we are redirect to the logout page...
+    resp = app.get('/register/?next=/whatever/')
+    assert resp.location == '/logout/?confirm=1&cancel=/whatever/&next=/register/%3Fnext%3D/whatever/'
+    resp = resp.follow()
+
+    # with a message of explaining the reason..
+    assert 'If you want to register, you need to logout first.' in resp
+    assert resp.form['next'].value == '/register/?next=/whatever/'
+
+    # and we can cancel to come back to where we come from...
+    assert resp.pyquery('a[href="/whatever/"]').text() == 'Cancel'
+
+    # if we logout...
+    resp = resp.form.submit()
+    assert resp.location == '/register/?next=/whatever/'
+
+    # then we can register.
+    resp = resp.follow()
+    assert resp.form['email']