Merge pull request #1181 from django-helpdesk/fix-logout

Fix logout in Django 5 with POST action instead of GET
2024-10-05 01:42:13 +02:00 · 2024-05-09 22:22:45 +01:00 · 2024-05-09 22:22:45 +01:00 · d7b75087dc
commit d7b75087dc
parent ba9935e792 306a01a8b4
6 changed files with 49 additions and 16 deletions
--- a/demo/demodesk/config/settings.py
+++ b/demo/demodesk/config/settings.py
@ -124,6 +124,8 @@ HELPDESK_SHOW_CHANGE_PASSWORD = True
 HELPDESK_REDIRECT_TO_LOGIN_BY_DEFAULT = False
 LOGIN_URL = 'helpdesk:login'
 LOGIN_REDIRECT_URL = 'helpdesk:home'
+# You can also redirect to a specific page after logging out (instead of logout page)
+# LOGOUT_REDIRECT_URL = 'helpdesk:home'

 # Database
 # - by default, we use SQLite3 for the demo, but you can also
--- a/docs/install.rst
+++ b/docs/install.rst
@ -162,9 +162,16 @@ errors with trying to create User settings.
   following to ``settings.py`` to get your Django installation to use the login 
   view included in ``django-helpdesk``::

-    LOGIN_URL = '/helpdesk/login/'
+    LOGIN_URL = 'helpdesk:login'

-   Alter the URL to suit your installation path.
+   Alter the view name to suit your installation path.
+
+   You can also add following settings to handle redirects after logging in or out::
+
+   LOGIN_REDIRECT_URL = 'helpdesk:home'
+   LOGOUT_REDIRECT_URL = 'helpdesk:home'
+
+   If you don't set ``LOGOUT_REDIRECT_URL``, a logout confirmation page will be displayed.

 8. Load initial e-mail templates, otherwise you will not be able to send e-mail::

--- a/helpdesk/templates/helpdesk/navigation-header.html
+++ b/helpdesk/templates/helpdesk/navigation-header.html
@ -58,7 +58,11 @@
            <a class="dropdown-item" href='{% url 'helpdesk:system_settings' %}'><i class="fas fa-fw fa-cogs"></i> {% trans "System Settings" %}</a>
            <div class="dropdown-divider"></div>
            {% endif %}
-            <a class="dropdown-item" href="{% url 'helpdesk:logout' %}"><i class="fas fa-fw fa-sign-out-alt"></i> {% trans "Logout" %}</a>
+            <form action="{% url 'helpdesk:logout' %}" method="post">{% csrf_token %}
+                <button type="submit" class="dropdown-item">
+                  <i class="fas fa-fw fa-sign-out-alt"></i> {% trans "Logout" %}
+                </button>
+            </form>
          </div>
        </li>
      {% else %}
@ -80,11 +84,17 @@
                     {{user.username}}
                 </div>
            </div>
-            <li class="nav-item dropdown no-arrow">
+            <li class="nav-item">
              {% if user.is_authenticated %}
-                <a class="nav-link dropdown-toggle" href="{% url 'helpdesk:logout' %}" id="userDropdown" role="button" aria-haspopup="true" aria-expanded="false"><i class="fas fa-fw fa-sign-out-alt"></i> {% trans "Logout" %}</a>
+                <form action="{% url 'helpdesk:logout' %}" method="post">{% csrf_token %}
+                    <button type="submit" class="btn btn-outline-secondary">
+                      <i class="fas fa-fw fa-sign-out-alt"></i> {% trans "Logout" %}
+                    </button>
+                </form>
              {% else %}
-                <a class="nav-link dropdown-toggle" href="{% url 'helpdesk:login' %}?next={% if next %}{{ next|escape }}{% else %}{% url 'helpdesk:home' %}{% endif %}" id="userDropdown" role="button" aria-haspopup="true" aria-expanded="false"><i class="fas fa-fw fa-sign-in-alt"></i> {% trans "Log In" %}</a>
+                <a class="btn btn-outline-secondary" href="{% url 'helpdesk:login' %}?next={% if next %}{{ next|escape }}{% else %}{% url 'helpdesk:home' %}{% endif %}">
+                  <i class="fas fa-fw fa-sign-in-alt"></i> {% trans "Log In" %}
+                </a>
              {% endif %}
            </li>
        {% endif %}
--- a/helpdesk/templates/helpdesk/registration/logged_out.html
+++ b/helpdesk/templates/helpdesk/registration/logged_out.html
@ -1,13 +1,25 @@
 {% extends "helpdesk/public_base.html" %}{% load i18n %}
 {% block helpdesk_title %}{% trans "Logged Out" %}{% endblock %}

-{% block helpdesk_body %}{% blocktrans %}
-
-    <div class="col-md-4 col-md-offset-4">
-        <div class="alert alert-success">
-            <h2>Successfully Logged Out</h2>
-            <p>Thanks for being here. Hopefully you've helped resolve a few tickets and made the world a better place.</p>
+{% block helpdesk_body %}
+    {% blocktrans %}
+        <div class="col-md-4 offset-md-4">
+            <div class="alert alert-success">
+                <h2>Successfully Logged Out</h2>
+                <p>
+                    Thanks for being here. Hopefully you've helped resolve a few tickets 
+                    and made the world a better place.
+                </p>
+            </div>
        </div>
+    {% endblocktrans %}
+    
+    <div class="clearfix"></div>
+    
+    <div class="col-md-4 offset-md-4 text-center">
+        <a class="btn btn-secondary" href="{% url 'helpdesk:login' %}">
+            <i class="fas fa-fw fa-sign-in-alt"></i>
+            {% trans "Log In again" %}
+        </a>
    </div>
-
-{% endblocktrans %}{% endblock %}
+{% endblock %}
--- a/helpdesk/templates/helpdesk/registration/login.html
+++ b/helpdesk/templates/helpdesk/registration/login.html
@ -36,7 +36,9 @@
              </div>
            </div>
            <input class="btn btn-lg btn-primary btn-block" type='submit' value='{% trans "Login" %}' />
-            <input type="hidden" name="next" value="{% if next %}{{ next }}{% else %}../{% endif %}" />
+            {% if next %}
+              <input type="hidden" name="next" value="{{ next }}" />
+            {% endif %}
          {% csrf_token %}</form>
        </div>
      </div>
--- a/helpdesk/urls.py
+++ b/helpdesk/urls.py
@ -215,7 +215,7 @@ urlpatterns += [
    path(
        "logout/",
        auth_views.LogoutView.as_view(
-            template_name="helpdesk/registration/login.html", next_page="../"
+            template_name="helpdesk/registration/logged_out.html"
        ),
        name="logout",
    ),