views: forbid registration view to authenticated users (#12382) #193
|
@ -16,7 +16,7 @@
|
|||
{% csrf_token %}
|
||||
<input type="hidden" name="next" value="{{ next_url }}">
|
||||
<button name="submit">{% trans "Continue" %}</button>
|
||||
<a href="{{ next_url }}">{% trans "Cancel" %}</a>
|
||||
<a href="{{ cancel_url }}">{% trans "Cancel" %}</a>
|
||||
</form>
|
||||
</p>
|
||||
{% endblock %}
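Review bot: The Cancel link's `href` is now filled from `cancel_url`, which the view derives from the `cancel` query parameter. Template autoescaping only escapes HTML and does not restrict the scheme or host of that URL. The link is therefore only as safe as the filtering done by `select_next_url` in the view, which is not visible in this section; a short template comment saying that `cancel_url` must already be a validated local URL would record that assumption. If any other view renders this template without `cancel_url` in the context, the link gets an empty `href`, and `<a href="{{ cancel_url|default:next_url }}">` would keep the previous behaviour as a fallback.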
|
||||
|
|
|
@ -887,9 +887,21 @@ def logout(request, next_url=None, do_local=True, check_referer=True):
|
|||
"""
|
||||
next_url = next_url or utils_misc.select_next_url(request, settings.LOGIN_REDIRECT_URL)
|
||||
|
||||
cancel_url = utils_misc.select_next_url(request, field_name='cancel', default=next_url)
|
||||
|
||||
if request.user.is_authenticated:
|
||||
confirm = False
|
||||
if 'confirm ' in request.GET and request.method == 'GET':
|
||||
confirm = True
|
||||
|
||||
if check_referer and not utils_misc.check_referer(request):
|
||||
return render(request, 'authentic2/logout_confirm.html', {'next_url': next_url})
|
||||
confirm = True
|
||||
|
||||
if confirm:
|
||||
return render(
|
||||
request, 'authentic2/logout_confirm.html', {'next_url': next_url, 'cancel_url': cancel_url}
|
||||
)
|
||||
|
||||
fragments = logout_list(request)
|
||||
do_local = do_local and 'local' in request.GET
|
||||
if not do_local and fragments:
|
||||
|
@ -1414,6 +1426,14 @@ class BaseRegistrationView(HomeURLMixin, FormView):
|
|||
self.token = {}
|
||||
self.ou = get_default_ou()
|
||||
self.next_url = utils_misc.select_next_url(request, None)
|
||||
|
||||
if request.user.is_authenticated:
|
||||
# if user is currently logged, ask for logout and comme back to registration
|
||||
messages.warning(request, _('If you want to register, you need to logout first.'))
|
||||
return utils_misc.redirect_and_come_back(
|
||||
request, 'auth_logout', params={'confirm': '1', 'cancel': self.next_url}
|
||||
)
|
||||
|
||||
# load pre-filled values when registering with email address
|
||||
if request.GET.get('token'):
|
||||
try:
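Review bot: In logout(), the new check reads `'confirm ' in request.GET` with a trailing space inside the key, as it appears on this page, so it would not match the `confirm=1` parameter that the registration view passes through `redirect_and_come_back`. If that space is in the committed source rather than a rendering artefact, the line should be `if 'confirm' in request.GET and request.method == 'GET':`. The slip would be easy to miss because the referer branch just below also sets `confirm = True`, and that branch presumably fires for any request arriving without a matching Referer header. logout() starts before and continues after the lines shown here.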
|
||||
|
|
|
@ -33,7 +33,7 @@ from authentic2.models import Attribute, SMSCode, Token
|
|||
from authentic2.utils import misc as utils_misc
|
||||
from authentic2.validators import EmailValidator
|
||||
|
||||
from .utils import assert_event, get_link_from_mail
|
||||
from .utils import assert_event, get_link_from_mail, login
|
||||
|
||||
User = get_user_model()
|
||||
|
||||
|
@ -736,6 +736,8 @@ def test_registration_link_unique_use(app, db, mailoutbox):
|
|||
response = app.get(link)
|
||||
response.form.set('password1', 'T0==toto')
|
||||
|
||||
# Clean sesssion
|
||||
app.session.flush()
|
||||
# accessing multiple times work
|
||||
response = app.get(link)
|
||||
response.form.set('password1', 'T0==toto')
|
||||
|
@ -743,6 +745,8 @@ def test_registration_link_unique_use(app, db, mailoutbox):
|
|||
response = response.form.submit().follow()
|
||||
assert 'You have just created an account.' in response.text
|
||||
|
||||
# Clean sesssion
|
||||
app.session.flush()
|
||||
response = app.get(link)
|
||||
assert urlparse(response['Location']).path == reverse('registration_register')
|
||||
response = response.follow()
|
||||
|
@ -1194,3 +1198,27 @@ def test_registration_email_address_max_length(app, db):
|
|||
resp.form['email'] = 'a' * 250 + '@entrouvert.com'
|
||||
resp = resp.form.submit()
|
||||
assert 'Ensure this value has at most 254 characters (it has 265).' in resp.text
|
||||
|
||||
|
||||
def test_already_logged(db, app, simple_user):
|
||||
login(app, simple_user)
|
||||
|
||||
# already logged, if we try to register, we are redirect to the logout page...
|
||||
resp = app.get('/register/?next=/whatever/')
|
||||
assert resp.location == '/logout/?confirm=1&cancel=/whatever/&next=/register/%3Fnext%3D/whatever/'
|
||||
resp = resp.follow()
|
||||
|
||||
# with a message of explaining the reason..
|
||||
assert 'If you want to register, you need to logout first.' in resp
|
||||
assert resp.form['next'].value == '/register/?next=/whatever/'
|
||||
|
||||
# and we can cancel to come back to where we come from...
|
||||
assert resp.pyquery('a[href="/whatever/"]').text() == 'Cancel'
|
||||
|
||||
# if we logout...
|
||||
resp = resp.form.submit()
|
||||
assert resp.location == '/register/?next=/whatever/'
|
||||
|
||||
# then we can register.
|
||||
resp = resp.follow()
|
||||
assert resp.form['email']
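Review bot: test_already_logged does not pin the `confirm` query-parameter branch of logout(). The test client presumably sends no Referer header, so the referer check alone would produce the confirmation page, and the test would still pass if the `confirm` parameter were ignored. A second request to the logout URL carrying a same-site Referer header and `confirm=1`, still expecting the confirmation form, would cover that branch. One more case where `cancel` names another host, asserting that the Cancel link falls back to the `next` value, would cover the link target taken from the query string; the expected result depends on how `select_next_url` filters values, which is not visible here.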
|
||||
|
|