Do not redirect user to the logout page when logging in. Fixes ietf-tools#3478. Commit ready for merge.

jennifer-richards · jennifer-richards · commit c4bf508cd85f · 2022-01-24T17:34:29.000Z
- Legacy-Id: 19876
diff --git a/ietf/doc/templatetags/ietf_filters.py b/ietf/doc/templatetags/ietf_filters.py
@@ -394,6 +394,23 @@ def expires_soon(x,request):
 def startswith(x, y):
     return str(x).startswith(y)
 
+
+@register.filter(name='removesuffix', is_safe=False)
+def removesuffix(value, suffix):
+    """Remove an exact-match suffix
+    
+    The is_safe flag is False because indiscriminate use of this could result in non-safe output.
+    See https://docs.djangoproject.com/en/2.2/howto/custom-template-tags/#filters-and-auto-escaping
+    which describes the possibility that removing characters from an escaped string may introduce
+    HTML-unsafe output.
+    """
+    base = str(value)
+    if base.endswith(suffix):
+        return base[:-len(suffix)]
+    else:
+        return base
+
+
 @register.filter
 def has_role(user, role_names):
     from ietf.ietfauth.utils import has_role
diff --git a/ietf/ietfauth/tests.py b/ietf/ietfauth/tests.py
@@ -95,6 +95,7 @@ def test_login_and_logout(self):
         # try logging out
         r = self.client.get(urlreverse('django.contrib.auth.views.logout'))
         self.assertEqual(r.status_code, 200)
+        self.assertNotContains(r, "accounts/logout")
 
         r = self.client.get(urlreverse(ietf.ietfauth.views.profile))
         self.assertEqual(r.status_code, 302)
diff --git a/ietf/templates/base.html b/ietf/templates/base.html
@@ -72,7 +72,7 @@
             </ul>
         {% if not user.is_authenticated %}
             <p class="navbar-text"></p>
-            <a class="btn {% if server_mode and server_mode == "production" %}btn-warning{% else %}btn-default{% endif %} btn-sm navbar-btn" rel="nofollow" href="/accounts/login/?next={{request.get_full_path|urlencode}}">Sign in</a>
+            <a class="btn {% if server_mode and server_mode == "production" %}btn-warning{% else %}btn-default{% endif %} btn-sm navbar-btn" rel="nofollow" href="/accounts/login/?next={{request.get_full_path|removesuffix:"accounts/logout/"|urlencode}}">Sign in</a>
         {% endif %}
 
 	    <form class="navbar-form navbar-right hidden-xs" action="/doc/search/">
