mirror of
https://github.com/pretix/pretix.git
synced 2026-07-04 05:01:54 +00:00
Compare commits
3 Commits
master
...
xhr-logout
| Author | SHA1 | Date | |
|---|---|---|---|
| 67b78e1d21 | |||
| 9bf752e378 | |||
| 4f96fff204 |
@@ -37,7 +37,7 @@ from urllib.parse import quote, urljoin, urlparse
|
||||
from django.conf import settings
|
||||
from django.contrib.auth import REDIRECT_FIELD_NAME, logout
|
||||
from django.contrib.auth.views import redirect_to_login
|
||||
from django.http import Http404
|
||||
from django.http import Http404, HttpResponse
|
||||
from django.shortcuts import get_object_or_404, resolve_url
|
||||
from django.template.response import TemplateResponse
|
||||
from django.urls import get_script_prefix, resolve, reverse
|
||||
@@ -98,6 +98,8 @@ class PermissionMiddleware:
|
||||
super().__init__()
|
||||
|
||||
def _login_redirect(self, request):
|
||||
from django.contrib.auth.views import redirect_to_login
|
||||
|
||||
# Taken from django/contrib/auth/decorators.py
|
||||
path = request.build_absolute_uri()
|
||||
# urlparse chokes on lazy objects in Python 3, force to str
|
||||
@@ -110,10 +112,21 @@ class PermissionMiddleware:
|
||||
if ((not login_scheme or login_scheme == current_scheme) and
|
||||
(not login_netloc or login_netloc == current_netloc)):
|
||||
path = request.get_full_path()
|
||||
from django.contrib.auth.views import redirect_to_login
|
||||
|
||||
return redirect_to_login(
|
||||
path, resolved_login_url, REDIRECT_FIELD_NAME)
|
||||
if request.headers.get("X-Requested-With") == "XMLHttpRequest":
|
||||
# It's not useful to return a 302 redirect on a XMLHttpRequest request, because
|
||||
# the XMLHttpRequest is unable to detect redirects.
|
||||
return HttpResponse(
|
||||
"Authentication required",
|
||||
status=401,
|
||||
headers={
|
||||
# Appending ?next= is handled by client, because it should be the top-level context url,
|
||||
# not the URL called in the background
|
||||
"X-Login-Url": resolved_login_url,
|
||||
}
|
||||
)
|
||||
|
||||
return redirect_to_login(path, resolved_login_url, REDIRECT_FIELD_NAME)
|
||||
|
||||
def __call__(self, request):
|
||||
url = resolve(request.path_info)
|
||||
|
||||
@@ -56,5 +56,4 @@
|
||||
</form>
|
||||
<script type="text/plain" id="good_origin">{{ good_origin }}</script>
|
||||
<script type="text/plain" id="bad_origin_report_url">{{ bad_origin_report_url }}</script>
|
||||
<!-- pretix-login-marker -->{# marker required for ajax calls to detect that user session is over #}
|
||||
{% endblock %}
|
||||
|
||||
@@ -205,8 +205,8 @@ const CSRF_TOKEN = document.querySelector<HTMLInputElement>('input[name=csrfmidd
|
||||
function handleAuthError (response: Response): void {
|
||||
if ([401, 403].includes(response.status)) {
|
||||
window.location.href = '/control/login?next=' + encodeURIComponent(
|
||||
window.location.pathname + window.location.search + window.location.hash
|
||||
)
|
||||
window.location.pathname + window.location.search
|
||||
) + window.location.hash
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -113,6 +113,12 @@ function async_task_check_error(jqXHR, textStatus, errorThrown) {
|
||||
"use strict";
|
||||
var respdom = $(jqXHR.responseText);
|
||||
var c = respdom.filter('.container');
|
||||
if (jqXHR.status === 401 && jqXHR.getResponseHeader("X-Login-Url")) {
|
||||
// Append location.hash outside the next parameter so it is not unexpectedly sent to the server
|
||||
// The browser will keep it in the redirect.
|
||||
window.location = jqXHR.getResponseHeader("X-Login-Url") + "?next=" + encodeURIComponent(location.pathname + location.search) + location.hash;
|
||||
return;
|
||||
}
|
||||
if (respdom.filter('form') && (respdom.filter('.has-error') || respdom.filter('.alert-danger'))) {
|
||||
// This is a failed form validation, let's just use it
|
||||
$("body").data('ajaxing', false);
|
||||
@@ -167,6 +173,12 @@ function async_task_callback(data, jqXHR, status) {
|
||||
function async_task_error(jqXHR, textStatus, errorThrown) {
|
||||
"use strict";
|
||||
$("body").data('ajaxing', false);
|
||||
if (jqXHR.status === 401 && jqXHR.getResponseHeader("X-Login-Url")) {
|
||||
// Append location.hash outside the next parameter so it is not unexpectedly sent to the server
|
||||
// The browser will keep it in the redirect.
|
||||
window.location = jqXHR.getResponseHeader("X-Login-Url") + "?next=" + encodeURIComponent(location.pathname + location.search) + location.hash;
|
||||
return;
|
||||
}
|
||||
waitingDialog.hide();
|
||||
if (textStatus === "timeout") {
|
||||
alert(gettext("The request took too long. Please try again."));
|
||||
|
||||
@@ -58,13 +58,16 @@ var i18nToString = function (i18nstring) {
|
||||
};
|
||||
|
||||
$(document).ajaxError(function (event, jqXHR, settings, thrownError) {
|
||||
waitingDialog.hide();
|
||||
var c = $(jqXHR.responseText).filter('.container');
|
||||
if (jqXHR.responseText && jqXHR.responseText.indexOf("<!-- pretix-login-marker -->") !== -1) {
|
||||
location.href = '/control/login?next=' + encodeURIComponent(location.pathname + location.search + location.hash)
|
||||
if (jqXHR.status === 401 && jqXHR.getResponseHeader("X-Login-Url")) {
|
||||
// Append location.hash outside the next parameter so it is not unexpectedly sent to the server
|
||||
// The browser will keep it in the redirect.
|
||||
window.location = jqXHR.getResponseHeader("X-Login-Url") + "?next=" + encodeURIComponent(location.pathname + location.search) + location.hash;
|
||||
} else if (c.length > 0) {
|
||||
waitingDialog.hide();
|
||||
ajaxErrDialog.show(c.first().html());
|
||||
} else if (thrownError !== "abort" && thrownError !== "") {
|
||||
waitingDialog.hide();
|
||||
console.error(event, jqXHR, settings, thrownError);
|
||||
alert(gettext('Unknown error.'));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user