0003-views-handle-authentication-level-when-logging-in-33.patch
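--- a/src/authentic2/views.py
+++ b/src/authentic2/views.py
@@ -271,11 +271,19 @@
 def login(request, template_name='authentic2/login.html',
 redirect_field_name=REDIRECT_FIELD_NAME):
 """Displays the login form and handles the login action."""
+current_auth_level = request.session.get('auth_level', 1)
+if request.user.is_authenticated():
+# prevent skipping authentication levels
+target_auth_level = min(int(request.GET.get('auth_level', 1)),
+current_auth_level + 1)
+else:
+target_auth_level = 1
 
 # redirect user to homepage if already connected, if setting
 # A2_LOGIN_REDIRECT_AUTHENTICATED_USERS_TO_HOMEPAGE is True
 if (request.user.is_authenticated()
-and app_settings.A2_LOGIN_REDIRECT_AUTHENTICATED_USERS_TO_HOMEPAGE):
+and app_settings.A2_LOGIN_REDIRECT_AUTHENTICATED_USERS_TO_HOMEPAGE
+and not target_auth_level > current_auth_level):
 return utils.redirect(request, 'auth_homepage')
 
 redirect_to = request.GET.get(redirect_field_name)
@@ -290,7 +298,7 @@
 redirect_to = settings.LOGIN_REDIRECT_URL
 nonce = request.GET.get(constants.NONCE_FIELD_NAME)
 
-authenticators = utils.get_backends('AUTH_FRONTENDS')
+authenticators = utils.get_backends('AUTH_FRONTENDS', target_auth_level)
 
 blocks = []
 
@@ -410,7 +418,7 @@
 
 def get_context_data(self, **kwargs):
 context = super(ProfileView, self).get_context_data(**kwargs)
-frontends = utils.get_backends('AUTH_FRONTENDS')
+frontends = utils.get_backends('AUTH_FRONTENDS', required_auth_level=0)
 
 request = self.request
 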
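Review bot: The `auth_level` query parameter in `login()` is converted with a bare `int(...)` and only capped from above, so a non-numeric value raises `ValueError` (an unhandled server error for any authenticated user) and zero or negative values pass straight through `min()` into `utils.get_backends('AUTH_FRONTENDS', target_auth_level)`. `ProfileView.get_context_data` passes `required_auth_level=0` on purpose, so 0 presumably selects a different frontend set than 1; how `get_backends` treats levels below 1 is not visible here and should be confirmed. The parse should fall back to level 1 on bad input and the result should be clamped to at least 1, as sketched below. The body of `login()` continues outside the hunk, so any later use of `target_auth_level` should be checked against the same bounds.

```python
    if request.user.is_authenticated():
        # prevent skipping authentication levels
        try:
            requested_auth_level = int(request.GET.get('auth_level', 1))
        except ValueError:
            # malformed query value: fall back to the lowest level
            requested_auth_level = 1
        target_auth_level = max(
            1, min(requested_auth_level, current_auth_level + 1))
    # … unchanged: else branch setting target_auth_level = 1 …
```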
417 |
- |