Browse Source

login auto : pas de reconnection après logout

Élie Bouttier 7 years ago
parent
commit
2144581024
2 changed files with 12 additions and 2 deletions
  1. 1 0
      accounts/urls.py
  2. 11 2
      accounts/views.py

+ 1 - 0
accounts/urls.py

@@ -11,5 +11,6 @@ urlpatterns = [
     url(r'^auth_api/(?P<token>[a-zA-Z0-9]{32})/$', views.auth_api, name='auth_api'),
     url(r'^password_reset/$', auth_views.PasswordResetView.as_view(form_class=PasswordResetForm), name='password_reset'),
     url(r'^login/$', views.login, name='login'),
+    url(r'^logout/$', views.logout, name='logout'),
     url(r'^', include('django.contrib.auth.urls')),
 ]

+ 11 - 2
accounts/views.py

@@ -7,7 +7,7 @@ from django.http import HttpResponse, HttpResponseBadRequest
 from django.views.decorators.http import require_POST
 from django.views.decorators.csrf import csrf_exempt
 from django.contrib.auth import authenticate, get_user_model
-from django.contrib.auth.views import LoginView
+from django.contrib.auth.views import LoginView, LogoutView
 from django.contrib.auth import login as auth_login
 
 from services.models import IPResource
@@ -44,10 +44,19 @@ def login(request):
         if user.is_superuser: # superusers must enter password
             return
         auth_login(request, user, backend='django.contrib.auth.backends.ModelBackend')
-    try_authenticate_from_ip()
+    if not request.session.get('disable-ip-based-login', False):
+        try_authenticate_from_ip()
+    # Même si l’auto-login a marché, on utilise LoginView qui fera la bonne redirection
     return LoginView.as_view(redirect_authenticated_user=True)(request)
 
 
+def logout(request):
+    response = LogoutView.as_view()(request)
+    # Définie *après* car le logout flush la session
+    request.session['disable-ip-based-login'] = True
+    return response
+
+
 @login_required
 def profile(request):
     user_form = UserForm(request.POST or None, instance=request.user)