From 71f6aeef41d9aea5fb3318c794cb5b4d58d7d7ca Mon Sep 17 00:00:00 2001
From: Valentin Deniaud
Date: Tue, 2 Apr 2019 16:54:08 +0200
Subject: [PATCH 07/13] views: handle authentication level when logging in

---
 src/authentic2/views.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/authentic2/views.py b/src/authentic2/views.py
index 6a67a5de..8eda8e2e 100644
--- a/src/authentic2/views.py
+++ b/src/authentic2/views.py
@@ -261,11 +261,13 @@ logger = logging.getLogger('authentic2.idp.views')
 def login(request, template_name='authentic2/login.html',
           redirect_field_name=REDIRECT_FIELD_NAME):
     """Displays the login form and handles the login action."""
+    target_auth_level = int(request.GET.get('auth_level', 1))
 
     # redirect user to homepage if already connected, if setting
     # A2_LOGIN_REDIRECT_AUTHENTICATED_USERS_TO_HOMEPAGE is True
-    if (request.user.is_authenticated() and
-            app_settings.A2_LOGIN_REDIRECT_AUTHENTICATED_USERS_TO_HOMEPAGE):
+    if (request.user.is_authenticated and
+            app_settings.A2_LOGIN_REDIRECT_AUTHENTICATED_USERS_TO_HOMEPAGE and
+            not target_auth_level > request.session['auth_level']):
         return utils.redirect(request, 'auth_homepage')
 
     redirect_to = request.GET.get(redirect_field_name)
@@ -280,7 +282,7 @@ def login(request, template_name='authentic2/login.html',
         redirect_to = settings.LOGIN_REDIRECT_URL
     nonce = request.GET.get(constants.NONCE_FIELD_NAME)
 
-    authenticators = utils.get_backends('AUTH_FRONTENDS')
+    authenticators = utils.get_backends('AUTH_FRONTENDS', target_auth_level)
 
     blocks = []
 
@@ -403,7 +405,7 @@ class ProfileView(cbv.TemplateNamesMixin, TemplateView):
 
     def get_context_data(self, **kwargs):
         context = super(ProfileView, self).get_context_data(**kwargs)
-        frontends = utils.get_backends('AUTH_FRONTENDS')
+        frontends = utils.get_backends('AUTH_FRONTENDS', required_auth_level=0)
         request = self.request
 
-- 
2.20.1
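Review bot: `int(request.GET.get('auth_level', 1))` on the first added line of the login hunk raises ValueError for any non-numeric `auth_level` in the query string, which surfaces as a server error instead of being treated as a bad request, and the new condition indexes `request.session['auth_level']`, which raises KeyError for an already-authenticated session that has no such key (a session created before this change, or by a login path that never sets it). Both values come from outside the view, so the query parameter should be parsed defensively and the session level read with a default; defaulting the missing session level to 0 fails closed, since the user is then sent through the login form rather than redirected as if already at the requested level. The requested level is also not bounded, so presumably get_backends should only ever see levels the deployment defines — worth confirming against that helper. login's body continues past the end of this hunk.
```python
    # auth_level is client-supplied; fall back to the default level on garbage
    try:
        target_auth_level = int(request.GET.get('auth_level', 1))
    except ValueError:
        target_auth_level = 1
    # … unchanged: redirect-to-homepage comment …
    if (request.user.is_authenticated and
            app_settings.A2_LOGIN_REDIRECT_AUTHENTICATED_USERS_TO_HOMEPAGE and
            target_auth_level <= request.session.get('auth_level', 0)):
        return utils.redirect(request, 'auth_homepage')
```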
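Review bot: `utils.get_backends('AUTH_FRONTENDS', target_auth_level)` in the second login hunk passes the level positionally, while the ProfileView hunk passes the same argument as `required_auth_level=0`; using the keyword here as well, `authenticators = utils.get_backends('AUTH_FRONTENDS', required_auth_level=target_auth_level)`, keeps both call sites consistent and makes the argument's meaning visible where it is used. The ProfileView call does not say why 0 is the right value there; presumably 0 means "do not filter frontends by level", so a comment such as `# required_auth_level=0: the profile page lists every frontend, it is not a login step` would record the intent once confirmed against get_backends. login's body continues outside this hunk.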