From 6bc5e98964c5b032bbaadad8f23adb9ade69c920 Mon Sep 17 00:00:00 2001
From: Fredrik Jonsson <frjo@xdeb.org>
Date: Mon, 13 Jul 2020 08:23:36 +0200
Subject: [PATCH] Update to latest django-two-factor-auth with folling up changes.
---
 hypha/apply/users/urls.py | 2 +-
 hypha/apply/users/views.py | 52 ++------------------------------------
 hypha/urls.py | 2 +-
 requirements.txt | 6 ++---
 4 files changed, 7 insertions(+), 55 deletions(-)
diff --git a/hypha/apply/users/urls.py b/hypha/apply/users/urls.py
index ee0affa85..3613ffccb 100644
--- a/hypha/apply/users/urls.py
+++ b/hypha/apply/users/urls.py
@@ -1,10 +1,10 @@
 from django.contrib.auth import views as auth_views
 from django.urls import include, path, reverse_lazy
+from two_factor.views import LoginView
 from hypha.apply.users.views import (
 AccountView,
 ActivationView,
- LoginView,
 become,
 create_password,
 oauth,
diff --git a/hypha/apply/users/views.py b/hypha/apply/users/views.py
index d7a1fd35e..93abb55d2 100644
--- a/hypha/apply/users/views.py
+++ b/hypha/apply/users/views.py
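Review bot: In hypha/apply/users/urls.py the new `from two_factor.views import LoginView` (and the same import in hypha/urls.py) makes the login route depend entirely on the upstream view for what the deleted local subclass spelled out: the `is_safe_url` check on the user-supplied redirect target, and the `sensitive_post_parameters`, `csrf_protect` and `never_cache` decorators on `dispatch`. Nothing in this patch shows that django-two-factor-auth 1.12.1 provides the equivalents, so I would add a regression test that logs in with `next` pointing at an external host and asserts the response redirects to `LOGIN_REDIRECT_URL` instead. The removed `get_context_data` also passed `next` into the template context; if the login template reads that variable, it should be checked against what the upstream view supplies. A short comment above the import would help, e.g. `# Redirect-target validation now lives in two_factor's LoginView; re-check it when changing the django-two-factor-auth pin.`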
@@ -1,25 +1,18 @@
-from django.conf import settings
 from django.contrib import messages
 from django.contrib.auth import get_user_model, login, update_session_auth_hash
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth.forms import AdminPasswordChangeForm
 from django.contrib.auth.tokens import PasswordResetTokenGenerator
-from django.contrib.auth.views import SuccessURLAllowedHostsMixin
 from django.core.exceptions import PermissionDenied
-from django.http import HttpResponseRedirect
-from django.shortcuts import redirect, render, resolve_url
+from django.shortcuts import redirect, render
 from django.template.response import TemplateResponse
 from django.urls import reverse_lazy
 from django.utils.decorators import method_decorator
 from django.utils.encoding import force_str
-from django.utils.http import is_safe_url, urlsafe_base64_decode
-from django.views.decorators.cache import never_cache
-from django.views.decorators.csrf import csrf_protect
-from django.views.decorators.debug import sensitive_post_parameters
+from django.utils.http import urlsafe_base64_decode
 from django.views.generic import UpdateView
 from django.views.generic.base import TemplateView
 from hijack.views import login_with_id
-from two_factor.views import LoginView as TwoFactorLoginView
 from wagtail.admin.views.account import password_management_enabled
 from .decorators import require_oauth_whitelist
@@ -28,47 +21,6 @@ from .forms import BecomeUserForm, ProfileForm
 User = get_user_model()
-class LoginView(SuccessURLAllowedHostsMixin, TwoFactorLoginView):
- redirect_authenticated_user = False
-
- @method_decorator(sensitive_post_parameters())
- @method_decorator(csrf_protect)
- @method_decorator(never_cache)
- def dispatch(self, request, *args, **kwargs):
- if self.redirect_authenticated_user and self.request.user.is_authenticated:
- redirect_to = self.get_success_url()
- if redirect_to == self.request.path:
- raise ValueError(
- "Redirection loop for authenticated user detected. Check that "
- "your LOGIN_REDIRECT_URL doesn't point to a login page."
- )
- return HttpResponseRedirect(redirect_to)
- return super().dispatch(request, *args, **kwargs)
-
- def get_success_url(self):
- url = self.get_redirect_url()
- return url or resolve_url(settings.LOGIN_REDIRECT_URL)
-
- def get_redirect_url(self):
- """Return the user-originating redirect URL if it's safe."""
- redirect_to = self.request.POST.get(
- self.redirect_field_name,
- self.request.GET.get(self.redirect_field_name, '')
- )
- url_is_safe = is_safe_url(
- url=redirect_to,
- allowed_hosts=self.get_success_url_allowed_hosts(),
- require_https=self.request.is_secure(),
- )
- return redirect_to if url_is_safe else ''
-
- def get_context_data(self, **kwargs):
- return super().get_context_data(
- next=self.request.GET.get('next', ''),
- **kwargs,
- )
-
-
 @method_decorator(login_required, name='dispatch')
 class AccountView(UpdateView):
 form_class = ProfileForm
diff --git a/hypha/urls.py b/hypha/urls.py
index 310f8cc1c..ce19caf37 100644
--- a/hypha/urls.py
+++ b/hypha/urls.py
@@ -3,6 +3,7 @@ from django.conf.urls import url
 from django.contrib import admin
 from django.urls import include, path
 from django.views.generic import TemplateView
+from two_factor.views import LoginView
 from wagtail.admin import urls as wagtailadmin_urls
 from wagtail.contrib.sitemaps.views import sitemap
 from wagtail.core import urls as wagtail_urls
@@ -10,7 +11,6 @@ from wagtail.documents import urls as wagtaildocs_urls
 from wagtail.images.views.serve import ServeView
 from hypha.apply.users.urls import public_urlpatterns as user_urls
-from hypha.apply.users.views import LoginView
 from hypha.apply.utils.views import custom_wagtail_page_delete
 from hypha.public import urls as public_urls
diff --git a/requirements.txt b/requirements.txt
index 247796f60..fe26c1eae 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -22,12 +22,12 @@ django-referrer-policy==1.0
 django-storages==1.9.1
 django-tables2==2.2.1
 django-tinymce4-lite==1.8.0
-django-two-factor-auth==1.11.0
+django-two-factor-auth==1.12.1
 django-webpack-loader==0.7.0
 django_select2==7.2.2
 djangorestframework==3.9.2
 djangorestframework-api-key==1.4.1
-django==2.2.13
+django==2.2.14
 gunicorn==20.0.4
 mailchimp3==3.0.14
 mistune==0.8.4
@@ -38,6 +38,6 @@ psycopg2==2.8.5
 reportlab==3.5.34
 social_auth_app_django==3.1.0
 tomd==0.1.3
-wagtail==2.9
+wagtail==2.9.2
 wagtail-cache==1.0.0
 whitenoise==5.1.0
-- 
GitLab