|
@@ -7,7 +7,7 @@ from django.http import HttpResponse, HttpResponseBadRequest
|
|
|
from django.views.decorators.http import require_POST
|
|
|
from django.views.decorators.csrf import csrf_exempt
|
|
|
from django.contrib.auth import authenticate, get_user_model
|
|
|
-from django.contrib.auth.views import LoginView
|
|
|
+from django.contrib.auth.views import LoginView, LogoutView
|
|
|
from django.contrib.auth import login as auth_login
|
|
|
|
|
|
from services.models import IPResource
|
|
@@ -44,10 +44,19 @@ def login(request):
|
|
|
if user.is_superuser: # superusers must enter password
|
|
|
return
|
|
|
auth_login(request, user, backend='django.contrib.auth.backends.ModelBackend')
|
|
|
- try_authenticate_from_ip()
|
|
|
+ if not request.session.get('disable-ip-based-login', False):
|
|
|
+ try_authenticate_from_ip()
|
|
|
+ # Même si l’auto-login a marché, on utilise LoginView qui fera la bonne redirection
|
|
|
return LoginView.as_view(redirect_authenticated_user=True)(request)
|
|
|
|
|
|
|
|
|
+def logout(request):
|
|
|
+ response = LogoutView.as_view()(request)
|
|
|
+ # Définie *après* car le logout flush la session
|
|
|
+ request.session['disable-ip-based-login'] = True
|
|
|
+ return response
|
|
|
+
|
|
|
+
|
|
|
@login_required
|
|
|
def profile(request):
|
|
|
user_form = UserForm(request.POST or None, instance=request.user)
|