fix: add setting to auto-redirect anon users to login, from home page

2024-08-20 20:16:19 -05:00 · 2024-08-20 20:16:19 -05:00 · 2d9757f677
parent e9d59062ca
commit 2d9757f677
5 changed files with 51 additions and 1 deletions
--- a/src/wuttaweb/templates/appinfo/configure.mako
+++ b/src/wuttaweb/templates/appinfo/configure.mako
@ -24,6 +24,36 @@

  </div>

+  <h3 class="block is-size-3">User/Auth</h3>
+  <div class="block" style="padding-left: 2rem; width: 50%;">
+
+    <b-field>
+      <b-checkbox name="wuttaweb.home_redirect_to_login"
+                  v-model="simpleSettings['wuttaweb.home_redirect_to_login']"
+                  native-value="true"
+                  @input="settingsNeedSaved = true">
+        Home Page auto-redirect to Login
+        <b-tooltip position="is-right">
+          <b-icon pack="fas" icon="info-circle" />
+          <template v-slot:content>
+            <p class="block">
+              If set, show the Login page instead of Home page for Anonymous users.
+            </p>
+            <p class="block has-text-weight-bold">
+              This only "enforces" Login for the Home page, not for
+              other pages.  Anonymous users can see whatever the role
+              permissions authorize.
+            </p>
+            <p class="block">
+              If not set, Anonymous users will see the Home page without being redirected.
+            </p>
+          </template>
+        </b-tooltip>
+      </b-checkbox>
+    </b-field>
+
+  </div>
+
  <h3 class="block is-size-3">Web Libraries</h3>
  <div class="block" style="padding-left: 2rem;">

--- a/src/wuttaweb/templates/base.mako
+++ b/src/wuttaweb/templates/base.mako
@ -154,7 +154,7 @@
    .wutta-form-wrapper {
        margin-left: 5rem;
        margin-top: 2rem;
-        width: 50%;
+        width: 75%;
    }

  </style>
--- a/src/wuttaweb/views/common.py
+++ b/src/wuttaweb/views/common.py
@ -53,6 +53,11 @@ class CommonView(View):
        if not user:
            return self.redirect(self.request.route_url('setup'))

+        # maybe auto-redirect anons to login
+        if not self.request.user:
+            if self.config.get_bool('wuttaweb.home_redirect_to_login'):
+                return self.redirect(self.request.route_url('login'))
+
        return {
            'index_title': self.app.get_title(),
        }
--- a/src/wuttaweb/views/settings.py
+++ b/src/wuttaweb/views/settings.py
@ -63,6 +63,10 @@ class AppInfoView(MasterView):
            {'name': f'{self.app.appname}.production',
             'type': bool},

+            # user/auth
+            {'name': 'wuttaweb.home_redirect_to_login',
+             'type': bool, 'default': False},
+
            # web libs
            {'name': 'wuttaweb.libver.vue'},
            {'name': 'wuttaweb.liburl.vue'},
--- a/tests/views/test_common.py
+++ b/tests/views/test_common.py
@ -24,6 +24,7 @@ class TestCommonView(WebTestCase):

    def test_home(self):
        self.pyramid_config.add_route('setup', '/setup')
+        self.pyramid_config.add_route('login', '/login')
        model = self.app.model
        view = self.make_view()

@ -40,6 +41,16 @@ class TestCommonView(WebTestCase):
        context = view.home(session=self.session)
        self.assertEqual(context['index_title'], self.app.get_title())

+        # but if configured, anons will be redirected to login
+        self.config.setdefault('wuttaweb.home_redirect_to_login', 'true')
+        response = view.home(session=self.session)
+        self.assertEqual(response.status_code, 302)
+
+        # now only an auth'ed user can see home page
+        self.request.user = user
+        context = view.home(session=self.session)
+        self.assertEqual(context['index_title'], self.app.get_title())
+
    def test_setup(self):
        self.pyramid_config.add_route('home', '/')
        self.pyramid_config.add_route('login', '/login')