在Django中登录后重定向到Next

Question

当用户访问需要登录的URL时.视图装饰器重定向到登录页面.在用户输入用户名和密码后,如何将用户重定向到他尝试访问的页面("下一步")？

Views.py

def login_view(request):
    template = 'pos/login.html'
    form = LoginForm
    if request.method == 'POST':
        username = request.POST.get('username', '')
        password = request.POST.get('password', '')
        user = authenticate(username=username, password=password)
        if user is not None:
            if user.is_active:
                login(request, user)
                messages.success(request, "You have logged in!")
                return redirect('home')
            else:
                messages.warning(request, "Your account is disabled!")
                return redirect('/login')
        else:
            messages.warning(request, "The username or password are not valid!")
            return redirect('/login')
    context = {'form': form}
    return render(request, template, context)

@login_required(redirect_field_name='next', login_url='/login')
def bar(request):
    template = 'pos/bar.html'
    drink = OrderItem.objects.filter(product__catgory__gt=1).order_by('-created')
    context = {'drink': drink}
    return render(request, template, context)

的login.html

<form action="/login" id="login_form" method="post" class="form-signin">
    {% csrf_token %}
    {{ form.as_p }}
    <button class="btn btn-lg btn-primary btn-block" type="submit" value="login">Sign in</button>
    <input type="hidden" name="next" value="{{next}}" />
</form>

url.py

     url(r'^login', views.login_view, name='login'),

forms.py

class LoginForm(AuthenticationForm):
    username = forms.CharField(label="Username", required=True, max_length=30,
                           widget=forms.TextInput(attrs={
                               'class': 'form-control',
                               'name': 'username'}))
    password = forms.CharField(label="Password", required=True, max_length=30,
                           widget=forms.PasswordInput(attrs={
                               'class': 'form-control',
                               'name': 'password'}))

Answer 1

接受的答案不会检查重定向到外部站点的下一个参数。对于许多应用程序来说，这将是一个安全问题。Django 以函数的形式内置了该功能django.utils.http.is_safe_url。它可以这样使用：

from django.shortcuts import redirect
from django.utils.http import url_has_allowed_host_and_scheme
from django.conf import settings

def redirect_after_login(request):
    nxt = request.GET.get("next", None)
    if nxt is None:
        return redirect(settings.LOGIN_REDIRECT_URL)
    elif not url_has_allowed_host_and_scheme(
            url=nxt,
            allowed_hosts={request.get_host()},
            require_https=request.is_secure()):
        return redirect(settings.LOGIN_REDIRECT_URL)
    else:
        return redirect(nxt)

def my_login_view(request):
    # TODO: Check if its ok to login.
    # Then either safely redirect og go to default startpage.
    return redirect_after_login(request)

Answer 2

你可以试试:

return redirect(self.request.GET.get('next'))