From f92569d4688bf58758c0009a3bb13261d25033ac Mon Sep 17 00:00:00 2001
From: Simeon Keske
Date: Wed, 2 Sep 2020 22:33:39 +0200
Subject: [PATCH] move redirect code to own function
---
 netbox/users/views.py | 35 ++++++++++++++++++-----------------
 1 file changed, 18 insertions(+), 17 deletions(-)
diff --git a/netbox/users/views.py b/netbox/users/views.py
index 011281b45..46221f649 100644
--- a/netbox/users/views.py
+++ b/netbox/users/views.py
@@ -36,17 +36,12 @@ class LoginView(View):
 return super().dispatch(*args, **kwargs)
 def get(self, request):
- if request.user.is_authenticated:
- # Already logged-in, determine where to redirect
- redirect_to = request.GET.get('next', reverse('home'))
- if redirect_to and not is_safe_url(url=redirect_to, allowed_hosts=request.get_host()):
- logger.warning(f"Ignoring unsafe 'next' URL passed to login form: {redirect_to}")
- redirect_to = reverse('home')
-
- return HttpResponseRedirect(redirect_to)
-
 form = LoginForm(request)
+ if request.user.is_authenticated:
+ logger = logging.getLogger('netbox.auth.login')
+ return self.redirect_to_next(request, logger)
+
 return render(request, self.template_name, {
 'form': form,
 })
@@ -58,12 +53,6 @@ class LoginView(View):
 if form.is_valid():
 logger.debug("Login form validation was successful")
- # Determine where to direct user after successful login
- redirect_to = request.POST.get('next', reverse('home'))
- if redirect_to and not is_safe_url(url=redirect_to, allowed_hosts=request.get_host()):
- logger.warning(f"Ignoring unsafe 'next' URL passed to login form: {redirect_to}")
- redirect_to = reverse('home')
-
 # If maintenance mode is enabled, assume the database is read-only, and disable updating the user's
 # last_login time upon authentication.
 if settings.MAINTENANCE_MODE:
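Review bot: In `get`, `form = LoginForm(request)` now runs before the `is_authenticated` check, so an already logged-in user builds a form that is discarded by the redirect; keeping the check first, as the removed code did, avoids that. The added `logger = logging.getLogger('netbox.auth.login')` exists only to be handed to the helper. Looking the logger up inside `redirect_to_next` would let both call sites read `return self.redirect_to_next(request)` and keep the auth logger name in one place.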
@@ -75,8 +64,7 @@ class LoginView(View):
 logger.info(f"User {request.user} successfully authenticated")
 messages.info(request, "Logged in as {}.".format(request.user))
- logger.debug(f"Redirecting user to {redirect_to}")
- return HttpResponseRedirect(redirect_to)
+ return self.redirect_to_next(request, logger)
 else:
 logger.debug("Login form validation failed")
@@ -85,6 +73,19 @@ class LoginView(View):
 'form': form,
 })
+ def redirect_to_next(self, request, logger):
+ if request.method == "POST":
+ redirect_to = request.POST.get('next', reverse('home'))
+ else:
+ redirect_to = request.GET.get('next', reverse('home'))
+
+ if redirect_to and not is_safe_url(url=redirect_to, allowed_hosts=request.get_host()):
+ logger.warning(f"Ignoring unsafe 'next' URL passed to login form: {redirect_to}")
+ redirect_to = reverse('home')
+
+ logger.debug(f"Redirecting user to {redirect_to}")
+ return HttpResponseRedirect(redirect_to)
+
 class LogoutView(View):
 """
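Review bot: The `is_safe_url` call in `redirect_to_next` validates only the host of the user-supplied `next`, so on an HTTPS deployment a same-host `http://` target is accepted and the post-login redirect can leave TLS; passing `require_https=request.is_secure()` closes that gap. The `redirect_to and` guard also lets an empty `next` skip validation and reach `HttpResponseRedirect` with an empty target instead of falling back to `home`. The rejected value is interpolated into the warning as-is, so control characters in `next` can presumably end up in the auth log; `%r` with lazy logger arguments escapes them. The fence below folds the three changes into the helper, which is the single place both `get` and `post` now rely on for this check.
```python
    def redirect_to_next(self, request, logger):
        params = request.POST if request.method == "POST" else request.GET
        # An empty 'next' falls back to home instead of bypassing validation
        redirect_to = params.get('next') or reverse('home')

        # 'next' is caller-controlled: require the same host and, on HTTPS requests, an HTTPS target
        if not is_safe_url(
            url=redirect_to,
            allowed_hosts=request.get_host(),
            require_https=request.is_secure(),
        ):
            # %r escapes CR/LF so the rejected value cannot add lines to the log
            logger.warning("Ignoring unsafe 'next' URL passed to login form: %r", redirect_to)
            redirect_to = reverse('home')
        # … unchanged: debug log and HttpResponseRedirect(redirect_to) …
```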