diff options
| author | Bobby <[email protected]> | 2022-10-10 12:22:51 -0400 |
|---|---|---|
| committer | Bobby <[email protected]> | 2022-10-10 12:22:51 -0400 |
| commit | 6830aa50a538b057ddd11fd9e84549dec0b40a1a (patch) | |
| tree | 89b41dc2c2560350bca0bf6af75e579167f5ac6a | |
| parent | 5d11cb12fc7a55ac7d5a541e608ef00a22dad4d9 (diff) | |
| download | thatcomputerscientist-6830aa50a538b057ddd11fd9e84549dec0b40a1a.tar.xz thatcomputerscientist-6830aa50a538b057ddd11fd9e84549dec0b40a1a.zip | |
Unauthorized error on no referrer
| -rw-r--r-- | users/urls.py | 1 | ||||
| -rw-r--r-- | users/views.py | 22 |
2 files changed, 12 insertions, 11 deletions
diff --git a/users/urls.py b/users/urls.py index 3589c7e0..c09d7e01 100644 --- a/users/urls.py +++ b/users/urls.py @@ -4,7 +4,6 @@ from django.contrib import admin app_name = 'users' urlpatterns = [ - path('', views.home, name='home'), path('login', views.login_user, name='login'), path('logout', views.logout_user, name='logout'), path('update', views.update_user, name='update'), diff --git a/users/views.py b/users/views.py index b0c2126e..57a73d41 100644 --- a/users/views.py +++ b/users/views.py @@ -20,14 +20,16 @@ def get_ref(request): try: referrer = request.META.get('QUERY_STRING').split('referrer=')[1] except: - # Raise a unauthorized error if the referrer is not set - return HttpResponse('Unauthorized', status=401) - if '?' in referrer: + referrer = None + if referrer and '?' in referrer: referrer = referrer.split('?')[0] return referrer -def home(request): - return redirect('blog:home') +def red_(referrer): + if referrer is None: + return HttpResponse('Unauthorized', status=401) + else: + return redirect(referrer) @csrf_exempt # Create your views here. @@ -38,7 +40,7 @@ def login_user(request): print (username, password) if username == '' or password == '': messages.error(request, 'Please fill in all fields.', extra_tags='loginError') - return HttpResponseRedirect(referrer) + return red_(referrer) else: # check if email is verified user = authenticate(request, username=username, password=password) @@ -46,18 +48,18 @@ def login_user(request): email_verified = UserProfile.objects.get(user=user.pk).email_verified if email_verified: login(request, user) - return HttpResponseRedirect(referrer) + return red_(referrer) else: messages.error(request, 'EVERR', extra_tags='loginError') - return HttpResponseRedirect(referrer + '?username=' + username) + return red_(referrer + '?username=' + username) else: messages.error(request, 'Invalid username or password.', extra_tags='loginError') - return HttpResponseRedirect(referrer + '?username=' + username) + return red_(referrer + '?username=' + username) def logout_user(request): referrer = get_ref(request) logout(request) - return HttpResponseRedirect(referrer) + return red_(referrer) def update_user(request): username = request.user |