From ce8ef7e2dc2d934ac3edc9dae5290431784f9976 Mon Sep 17 00:00:00 2001
From: Benjamin Dauvergne
Date: Wed, 26 Jan 2022 10:25:48 +0100
Subject: [PATCH 2/3] misc: allow signed token to login view (#28853)

It prevents messing with the login view from unauthorized parties.
---
 src/authentic2/utils/misc.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/authentic2/utils/misc.py b/src/authentic2/utils/misc.py
index 8cd6e871..b6cc5300 100644
--- a/src/authentic2/utils/misc.py
+++ b/src/authentic2/utils/misc.py
@@ -481,7 +481,9 @@ def login(request, user, how, service=None, service_slug=None, nonce=None, recor
 return continue_to_next_url(request, **kwargs)
-def login_require(request, next_url=None, login_url='auth_login', service=None, login_hint=(), **kwargs):
+def login_require(
+ request, next_url=None, login_url='auth_login', service=None, login_hint=(), token=None, **kwargs
+):
 '''Require a login and come back to current URL'''
 next_url = next_url or request.get_full_path()
@@ -494,6 +496,8 @@ def login_require(request, next_url=None, login_url='auth_login', service=None,
 elif 'login-hint' in request.session:
 # clear previous login-hint if present
 del request.session['login-hint']
+ if token:
+ params['token'] = signing.dumps(token)
 return redirect(request, login_url, **kwargs)
-- 
2.34.1
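Review bot: The new `token=None` keyword in the `login_require` signature is undocumented; the docstring still reads only `'''Require a login and come back to current URL'''`. The second hunk signs the value and stores it in `params`, which presumably becomes the login URL's query string, so callers should know it is integrity-protected but not confidential: Django's signing output can be decoded by anyone who sees the URL. I would extend the docstring with a line such as `token: JSON-serializable value, signed (not encrypted) and passed to the login view as the 'token' parameter; must not contain secrets`. The function body continues outside this hunk.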
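Review bot: `signing.dumps(token)` in the added branch is called without a `salt`, so, assuming `signing` is `django.core.signing` (the import is outside the hunk), the signature sits in Django's default signing namespace. Any other value the application signs with the default key and salt would then also verify as a login token. A purpose-specific salt used on both sides keeps them apart, e.g. `params['token'] = signing.dumps(token, salt='<login-token-salt>')`. The matching `signing.loads` in the login view is not part of this patch; it should pass the same salt and a `max_age`, because the token travels in a URL that can be logged, bookmarked or leaked via Referer. Minor: `if token:` silently drops falsy values, so `if token is not None:` is safer if an empty token is ever meaningful.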