-
-
Notifications
You must be signed in to change notification settings - Fork 448
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AdminSiteOTPRequiredMixin modified #370
base: master
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,12 @@ | ||
|
||
from django.conf import settings | ||
from django.contrib import admin | ||
from django.contrib.admin import AdminSite | ||
from django.contrib.auth import REDIRECT_FIELD_NAME | ||
from django.contrib.auth.views import redirect_to_login | ||
from django.http import HttpResponseRedirect | ||
from django.shortcuts import resolve_url | ||
from django.urls import reverse | ||
from django.utils.http import is_safe_url | ||
|
||
from .models import PhoneDevice | ||
|
@@ -30,9 +33,25 @@ def has_permission(self, request): | |
def login(self, request, extra_context=None): | ||
""" | ||
Redirects to the site login page for the given HttpRequest. | ||
If user has admin permissions but 2FA not setup, then redirect to | ||
2FA setup page. | ||
""" | ||
# redirect to admin page after login | ||
redirect_to = request.POST.get(REDIRECT_FIELD_NAME, request.GET.get(REDIRECT_FIELD_NAME)) | ||
|
||
# if user (is_active and is_staff) | ||
if request.method == "GET" and AdminSite().has_permission(request): | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Why not There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
|
||
|
||
# if user has 2FA setup, go to admin homepage | ||
if request.user.is_verified(): | ||
index_path = reverse("admin:index", current_app=self.name) | ||
|
||
# 2FA not setup. redirect to 2FA setup page | ||
else: | ||
index_path = reverse("two_factor:setup", current_app=self.name) | ||
|
||
return HttpResponseRedirect(index_path) | ||
|
||
if not redirect_to or not is_safe_url(url=redirect_to, allowed_hosts=[request.get_host()]): | ||
redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL) | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When I test this class alone, all tests pass.
When I run entire test suit, 2 tests in this class fail
When running entire test suite,
self.client.get('/otp_admin/', follow=True)
returns login page url/account/login/?next=%2Fotp_admin%2F,
when its supposed to return a OTP setup url/account/two_factor/setup/
.I was unable to find why this happens.
Any help is appreciated
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When I just test this class: AdminSiteOTPRequiredMixin().login() func executes.
When I run entire test suite - AdminSiteOTPRequiredMixin().login() func never executes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've not had a chance to look at this yet and I'm not overly familiar with the admin code.
I would imagine that our tests aren't quite as isolated from eachother as we'd actually want. Have you tried running just the
test_admin
module and then the class those two tests belong to? That might help narrow down where the problem is.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I kept
AdminSiteTest
andOTPAdminSiteTest
in test_admin.py and tried to testmake test TARGET=tests.test_admin
They work fine as long as there is no get request made in
AdminSiteTest
class.If I make that get request in
AdminSiteTest.test_default_admin
I get error inOTPAdminSiteTest
class.Error:
Response redirected to '/admin/', expected '/account/two_factor/setup/'
So in conclusion, error in
OTPAdminSiteTest
class depends on which test was run previously. If I were to substituteAdminSiteTest
withAdminPatchTest
in the above code, my error will change to following:Response redirected to '/account/login/?next=/otp_admin/', expected '/account/two_factor/setup/