From e30b0a990eeb1c0bf75b9dd7633628284cce81f3 Mon Sep 17 00:00:00 2001 From: Nina Menezes Date: Tue, 13 Aug 2024 16:00:43 +0100 Subject: [PATCH] Make sure sign-out doesn't 404. Code tidying. --- consultation_analyser/consultations/views/sessions.py | 1 + consultation_analyser/middleware.py | 8 +++----- tests/integration/test_logging_in_to_support.py | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/consultation_analyser/consultations/views/sessions.py b/consultation_analyser/consultations/views/sessions.py index 824ad988..2461e5a1 100644 --- a/consultation_analyser/consultations/views/sessions.py +++ b/consultation_analyser/consultations/views/sessions.py @@ -55,4 +55,5 @@ def destroy(request: HttpRequest): @method_decorator(login_not_required, name="dispatch") class MagicLinkView(magic_link.views.MagicLinkView): + # Explicitly declared class so can use decorator. pass diff --git a/consultation_analyser/middleware.py b/consultation_analyser/middleware.py index c2949264..fb1d7db1 100644 --- a/consultation_analyser/middleware.py +++ b/consultation_analyser/middleware.py @@ -11,12 +11,10 @@ def __init__(self, get_response): def __call__(self, request): response = self.get_response(request) if request.path.startswith("/support/"): - if not request.user.is_staff: + # Must already be logged in from login required middleware. + # Sign-out is excepted as we don't want to 404 on sign-out. + if (not request.user.is_staff) and (not request.path.startswith("/support/sign-out/")): raise Http404 - # if not request.user.is_authenticated: - # return HttpResponseNotFound() - # elif not request.user.is_staff: - # return HttpResponseNotFound() return response diff --git a/tests/integration/test_logging_in_to_support.py b/tests/integration/test_logging_in_to_support.py index 1673d764..e3209784 100644 --- a/tests/integration/test_logging_in_to_support.py +++ b/tests/integration/test_logging_in_to_support.py @@ -8,7 +8,7 @@ def test_logging_in_to_support(client): # given I am a logged in admin user user = UserFactory( email="email@example.com", - password="admin", # pragma: allowlist secret + # password="admin", # pragma: allowlist secret is_staff=True, ) client.force_login(user)