Evite les erreurs de formulaires POST quand l'utilisateur s'est déconnecté dans un autre onglet
parent
1b8186e69b
commit
9694ba61c4
@ -46,7 +46,10 @@ def login():
|
||||
if not next_page or url_parse(next_page).netloc != "":
|
||||
next_page = url_for("scodoc.index")
|
||||
return redirect(next_page)
|
||||
return render_template("auth/login.html", title=_("Sign In"), form=form)
|
||||
message = request.args.get("message", "")
|
||||
return render_template(
|
||||
"auth/login.html", title=_("Sign In"), form=form, message=message
|
||||
)
|
||||
|
||||
|
||||
@bp.route("/logout")
|
||||
|
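Review bot: The text shown in the login page's alert box comes straight from the query string (`message = request.args.get("message", "")`), so anyone can build a link to the genuine login page that displays wording of their choice above the form. Jinja2 autoescaping, which Flask enables for `.html` templates, should keep `{{ message }}` from being interpreted as markup, but the content is still chosen by whoever wrote the link, and a red alert on the real sign-in page lends it credibility. Prefer sending a short code and mapping it to fixed text on the server, for example a lookup in a module-level dict (hypothetical name `LOGIN_MESSAGES`), or set the text with `flask.flash()` before redirecting so it never travels in the URL. The same point covers the `url_for("auth.login", message=...)` call added in the `scodoc` decorator and the `{% if message %}` block added to the login template. login() starts above this hunk, so the form handling before these lines is not visible here.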
@ -10,12 +10,10 @@ import logging
|
||||
import werkzeug
|
||||
from werkzeug.exceptions import BadRequest
|
||||
import flask
|
||||
from flask import g
|
||||
from flask import abort, current_app
|
||||
from flask import request
|
||||
from flask import g, current_app, request
|
||||
from flask import abort, url_for, redirect
|
||||
from flask_login import current_user
|
||||
from flask_login import login_required
|
||||
from flask import current_app
|
||||
import flask_login
|
||||
|
||||
import app
|
||||
@ -52,6 +50,15 @@ def scodoc(func):
|
||||
|
||||
@wraps(func)
|
||||
def scodoc_function(*args, **kwargs):
|
||||
# interdit les POST si pas loggué
|
||||
if request.method == "POST" and not current_user.is_authenticated:
|
||||
current_app.logger.info("POST by non authenticated user")
|
||||
return redirect(
|
||||
url_for(
|
||||
"auth.login",
|
||||
message="La page a expiré. Identifiez-vous et recommencez l'opération",
|
||||
)
|
||||
)
|
||||
if "scodoc_dept" in kwargs:
|
||||
dept_acronym = kwargs["scodoc_dept"]
|
||||
# current_app.logger.info("setting dept to " + dept_acronym)
|
||||
@ -81,7 +88,7 @@ def permission_required(permission):
|
||||
|
||||
|
||||
def permission_required_compat_scodoc7(permission):
|
||||
"""Décorateur pour les fonctions utilisée comme API dans ScoDoc 7
|
||||
"""Décorateur pour les fonctions utilisées comme API dans ScoDoc 7
|
||||
Comme @permission_required mais autorise de passer directement
|
||||
les informations d'auth en paramètres:
|
||||
__ac_name, __ac_password
|
||||
|
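Review bot: The guard added at the top of `scodoc_function` redirects every unauthenticated POST before the wrapped view runs, while the docstring of `permission_required_compat_scodoc7` in this same file says those API functions accept credentials directly as `__ac_name` / `__ac_password` parameters. If any such endpoint is also wrapped by `@scodoc` and is called with POST by scripts, it would presumably now receive a 302 to the login page instead of being authenticated; the decorator order should be confirmed or those routes exempted. Separately, the log entry `"POST by non authenticated user"` carries no context, and `current_app.logger.info("POST by non authenticated user: %s from %s", request.path, request.remote_addr)` would make these events usable for spotting forged or scripted requests. The redirect also drops the original URL, so passing `next=request.url` to `url_for("auth.login", ...)` would let login() return the user to the page they were on, since it already checks `next_page`. Both function bodies continue outside the visible hunks.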
@ -2,6 +2,11 @@
|
||||
{% import 'bootstrap/wtf.html' as wtf %}
|
||||
|
||||
{% block app_content %}
|
||||
|
||||
{% if message %}
|
||||
<div class="alert alert-danger" role="alert">{{ message }}</div>
|
||||
{% endif %}
|
||||
|
||||
<h1>Connexion</h1>
|
||||
<div class="row">
|
||||
<div class="col-md-4">
|
||||
|