ENT-2511 | Disabled the admin panel's login page.
This commit is contained in:
hasnain.naveed
@@ -43,6 +43,7 @@ from openedx.core.djangoapps.plugins import plugin_urls
|
||||
from openedx.core.djangoapps.programs.models import ProgramsApiConfig
|
||||
from openedx.core.djangoapps.self_paced.models import SelfPacedConfiguration
|
||||
from openedx.core.djangoapps.site_configuration import helpers as configuration_helpers
|
||||
from openedx.core.djangoapps.user_authn.views.login import redirect_to_lms_login
|
||||
from openedx.core.djangoapps.verified_track_content import views as verified_track_content_views
|
||||
from openedx.core.apidocs import schema_view
|
||||
from openedx.features.enterprise_support.api import enterprise_enabled
|
||||
@@ -772,6 +773,9 @@ if settings.DEBUG or settings.FEATURES.get('ENABLE_DJANGO_ADMIN_SITE'):
|
||||
# changes go through our user portal and follow complexity requirements.
|
||||
url(r'^admin/password_change/$', handler404),
|
||||
url(r'^admin/auth/user/\d+/password/$', handler404),
|
||||
# We are enforcing users to login through third party auth in site's
|
||||
# login page so we are disabling the admin panel's login page.
|
||||
url(r'^admin/login/$', redirect_to_lms_login),
|
||||
url(r'^admin/', admin.site.urls),
|
||||
]
|
||||
|
||||
|
||||
@@ -15,7 +15,9 @@ from django.contrib.auth import authenticate
|
||||
from django.contrib.auth import login as django_login
|
||||
from django.contrib.auth.decorators import login_required
|
||||
from django.contrib.auth.models import User
|
||||
from django.contrib import admin
|
||||
from django.http import HttpRequest, HttpResponse
|
||||
from django.shortcuts import redirect
|
||||
from django.urls import reverse
|
||||
from django.utils.decorators import method_decorator
|
||||
from django.utils.translation import ugettext as _
|
||||
@@ -467,6 +469,17 @@ def login_refresh(request):
|
||||
return JsonResponse(error.get_response(), status=400)
|
||||
|
||||
|
||||
def redirect_to_lms_login(request):
|
||||
"""
|
||||
This view redirect the admin/login url to the site's login page if
|
||||
waffle switch is on otherwise returns the admin site's login view.
|
||||
"""
|
||||
if ENABLE_LOGIN_USING_THIRDPARTY_AUTH_ONLY.is_enabled():
|
||||
return redirect('/login?next=/admin')
|
||||
else:
|
||||
return admin.site.login(request)
|
||||
|
||||
|
||||
class LoginSessionView(APIView):
|
||||
"""HTTP end-points for logging in users. """
|
||||
|
||||
|
||||
@@ -7,6 +7,7 @@ This is not inside a django app because it is a global property of the system.
|
||||
from django.test import TestCase, Client
|
||||
from django.urls import reverse
|
||||
from student.tests.factories import UserFactory, TEST_PASSWORD
|
||||
from openedx.core.djangoapps.user_authn.views.login import ENABLE_LOGIN_USING_THIRDPARTY_AUTH_ONLY
|
||||
|
||||
|
||||
class TestAdminView(TestCase):
|
||||
@@ -34,3 +35,9 @@ class TestAdminView(TestCase):
|
||||
self.client.login(username=student.username, password=TEST_PASSWORD)
|
||||
response = self.client.get(reverse('admin:index'))
|
||||
assert response.status_code == 302
|
||||
|
||||
def test_admin_login_redirect(self):
|
||||
with ENABLE_LOGIN_USING_THIRDPARTY_AUTH_ONLY.override(True):
|
||||
response = self.client.get(reverse('admin:login'))
|
||||
assert response.url == '/login?next=/admin'
|
||||
assert response.status_code == 302
|
||||
|
||||
Reference in New Issue
Block a user