fix: add session expired path
SKairinos committed Sep 19, 2023
1 parent 3b1b50c commit e801b37
Showing 2 changed files with 19 additions and 1 deletion.
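--- a/codeforlife/settings/django.py
+++ b/codeforlife/settings/django.py
@@ -7,14 +7,19 @@
 
 from django.utils.translation import gettext_lazy as _
 
-from .custom import SERVICE_NAME
+from .custom import SERVICE_API_URL, SERVICE_NAME
 
 # SECURITY WARNING: don't run with debug turned on in production!
 DEBUG = bool(int(os.getenv("DEBUG", "1")))
 
 # SECURITY WARNING: keep the secret key used in production secret!
 SECRET_KEY = os.getenv("SECRET_KEY", "replace-me")
 
+# Auth
+# https://docs.djangoproject.com/en/3.2/topics/auth/default/
+
+LOGIN_URL = f"{SERVICE_API_URL}/session/expired/"
+
 # Authentication backends
 # https://docs.djangoproject.com/en/3.2/ref/settings/#authentication-backends
 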
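Review bot: `LOGIN_URL = f"{SERVICE_API_URL}/session/expired/"` repeats by hand the route that codeforlife/urls.py registers as `"api/session/expired/"`, so the 401 is only returned while `SERVICE_API_URL` happens to resolve to that `api` prefix. If the two drift, `@login_required` would redirect to a path that presumably returns 404, and the frontend would never see the session-expired signal. Django accepts a named URL pattern for this setting, so `LOGIN_URL = "session-expired"` (with a namespace prefix if the patterns are included under one) would keep a single source of truth; if `SERVICE_API_URL` is deliberately an absolute URL on another host, a short comment next to the setting should say so. Separately, the unchanged context lines default `DEBUG` to on and `SECRET_KEY` to `"replace-me"` when the environment variables are unset, which fails open and is worth a follow-up change.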
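--- a/codeforlife/urls.py
+++ b/codeforlife/urls.py
@@ -29,6 +29,19 @@ def service_urlpatterns(
 LogoutView.as_view(),
 name="logout",
 ),
+# Django's default behavior with the @login_required decorator is to
+# redirect users to the login template found in setting LOGIN_URL.
+# Because we're using a React frontend, we want to return a
+# 401-Unauthorized whenever a user's session-cookie expires so we can
+# redirect them to the login page. Therefore, all login redirects will
+# direct to this view which will return the desired 401.
+path(
+"api/session/expired/",
+lambda request: HttpResponse(
+status=status.HTTP_401_UNAUTHORIZED,
+),
+name="session-expired",
+),
 path(
 "api/",
 include(api_urls_path),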
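Review bot: The session-expired view is an anonymous `lambda` inside the URL list, so it shows up as `<lambda>` in tracebacks and resolver output and cannot be imported by a test. A named function such as `def session_expired(request): return HttpResponse(status=status.HTTP_401_UNAUTHORIZED)`, with the explanatory comment moved into its docstring, would be easier to trace and to cover. The comment could also say that `LOGIN_URL` is a URL rather than a "login template", and that the `next` query parameter appended by `@login_required` is deliberately ignored by this view. service_urlpatterns starts and ends outside the hunk, and the page has lost the original indentation.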
