fix for #1658 (#1662)

* fix for #1658 fixing no redirection if user not auth after login with email and pw * fix with reditrect and midware call * ran precommit * Update evap/evaluation/views.py Co-authored-by: Johannes Wolf <johannes-wolf@posteo.de> * Update evap/evaluation/views.py Co-authored-by: Johannes Wolf <johannes-wolf@posteo.de> * Update evap/evaluation/tests/test_views.py Co-authored-by: Johannes Wolf <johannes-wolf@posteo.de> * Update test_views.py * Update views.py added a better comment * Update evap/evaluation/views.py Co-authored-by: Richard Ebeling <He3lixxx@users.noreply.github.com> * Update evap/evaluation/tests/test_views.py Co-authored-by: Richard Ebeling <He3lixxx@users.noreply.github.com> * Update evap/evaluation/tests/test_views.py Co-authored-by: Richard Ebeling <He3lixxx@users.noreply.github.com> Co-authored-by: Johannes Wolf <johannes-wolf@posteo.de> Co-authored-by: Richard Ebeling <He3lixxx@users.noreply.github.com>

fix for #1658 (#1662)
575d6e2c · fidoriel · GitHub · 756f8f9f · 575d6e2c · 575d6e2c
Unverified Commit 575d6e2c authored Nov 23, 2021 by fidoriel Committed by GitHub Nov 23, 2021
--- a/evap/evaluation/tests/test_views.py
+++ b/evap/evaluation/tests/test_views.py
@@ -42,6 +42,22 @@ class TestIndexView(WebTest):
        self.assertRedirects(response, self.url, fetch_redirect_response=False)
        self.assertRedirects(response.follow(), "/results/")

+    def test_login_view_respects_redirect_parameter(self):
+        """Regression test for #1658: redirect after login"""
+        internal_email = "manager@institution.example.com"
+        baker.make(
+            UserProfile,
+            email=internal_email,
+            password=make_password("evap"),
+        )
+
+        response = self.app.get(self.url + "?next=/test42/")
+        password_form = response.forms["email-login-form"]
+        password_form["email"] = internal_email
+        password_form["password"] = "evap"
+        response = password_form.submit()
+        self.assertRedirects(response.follow(), "/test42/", fetch_redirect_response=False)
+
    def test_send_new_login_key(self):
        """Tests whether requesting a new login key is only possible for existing users,
        shows the expected success message and sends only one email to the requesting

--- a/evap/evaluation/views.py
+++ b/evap/evaluation/views.py
@@ -7,6 +7,7 @@ from django.contrib.auth.decorators import login_required
 from django.core.mail import EmailMessage
 from django.http import HttpResponse, HttpResponseBadRequest
 from django.shortcuts import redirect, render
+from django.urls import reverse
 from django.utils.translation import gettext as _
 from django.views.decorators.debug import sensitive_post_parameters
 from django.views.decorators.http import require_POST
@@ -75,6 +76,12 @@ def index(request):
            # clean up our test cookie
            if request.session.test_cookie_worked():
                request.session.delete_test_cookie()
+
+            # redirect to this view again so the staff mode middleware runs for the authenticated user.
+            redirect_to = request.GET.get("next", None)
+            if redirect_to:
+                return redirect(reverse("evaluation:index") + "?next=" + redirect_to)
+
            return redirect("evaluation:index")

    # if not logged in by now, render form