This is an automated email from the ASF dual-hosted git repository.

machristie pushed a commit to branch develop
in repository https://gitbox.apache.org/repos/asf/airavata-django-portal.git

commit 64618803261b50292654c8d32837ce62c5277443
Author: Marcus Christie <[email protected]>
AuthorDate: Thu Aug 6 10:01:43 2020 -0400

    AIRAVATA-3361 Redirect handle_login to login page
    
    Fixes an error that is generated when clients make a GET request to
    /auth/handle_login, which assumes that the request is a POST request with
    username and password. Now, if the request is a GET, a redirect to
    /auth/login is returned.
---
 django_airavata/apps/auth/tests/test_views.py | 12 ++++++++++++
 django_airavata/apps/auth/views.py            |  4 ++++
 2 files changed, 16 insertions(+)

diff --git a/django_airavata/apps/auth/tests/test_views.py 
b/django_airavata/apps/auth/tests/test_views.py
index dc7e671..7fe18b1 100644
--- a/django_airavata/apps/auth/tests/test_views.py
+++ b/django_airavata/apps/auth/tests/test_views.py
@@ -29,6 +29,18 @@ class LoginViewTestCase(TestCase):
         self.assertContains(response, f'<a href="{create_account_url}">')
 
 
+class HandleLoginViewTestCase(TestCase):
+
+    def test_with_get_request(self):
+        """Verify GET request redirects to login page."""
+        response = self.client.get(
+            reverse('django_airavata_auth:handle_login'))
+        self.assertEqual(response.status_code, 302)
+        self.assertEqual(
+            response['Location'],
+            reverse('django_airavata_auth:login'))
+
+
 class CreateAccountViewTestCase(TestCase):
 
     def setUp(self):
diff --git a/django_airavata/apps/auth/views.py 
b/django_airavata/apps/auth/views.py
index aceaa45..568d6a9 100644
--- a/django_airavata/apps/auth/views.py
+++ b/django_airavata/apps/auth/views.py
@@ -78,6 +78,10 @@ def _validate_idp_alias(idp_alias):
 
 @sensitive_variables('password')
 def handle_login(request):
+    # This view handles a POST of the login form. If the request is a GET, just
+    # redirect to the login page.
+    if request.method == 'GET':
+        return redirect(reverse('django_airavata_auth:login'))
     username = request.POST['username']
     password = request.POST['password']
     login_type = request.POST.get('login_type', None)
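Review bot: The guard added at the top of handle_login matches only 'GET', so a HEAD or any other non-POST request still falls through to `request.POST['username']` and raises the error this commit set out to fix; `if request.method != 'POST':` would cover every such method with the same redirect. A POST that omits `username` or `password` also still raises on those lookups, and Django error reports can include the submitted POST data: `@sensitive_variables('password')` scrubs the local variable, not the form field, so unless it is already applied elsewhere, adding `@sensitive_post_parameters('password')` from `django.views.decorators.debug` would keep the password out of those reports. The new test in test_views.py exercises GET only, so a case for one other method would pin the wider guard. handle_login's body continues past the end of the hunk.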
