Don't have an authenticatication loop

When we want to access to the admin interface with oidc and with a user that's not allowed to access to the admin interface.
camptocamp · Dec 18, 2024 · 31a32fa · 31a32fa
1 parent f9c7b1b
commit 31a32fa
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/geoportal/c2cgeoportal_geoportal/views/login.py b/geoportal/c2cgeoportal_geoportal/views/login.py
@@ -93,6 +93,9 @@ def _referrer_log(self) -> None:
 
     @forbidden_view_config(renderer="login.html")  # type: ignore[misc]
     def loginform403(self) -> dict[str, Any] | pyramid.response.Response:
+        if self.request.authenticated_userid is not None:
+            return HTTPForbidden()
+
         if self.authentication_settings.get("openid_connect", {}).get("enabled", False):
             return HTTPFound(
                 location=self.request.route_url(
@@ -101,9 +104,6 @@ def loginform403(self) -> dict[str, Any] | pyramid.response.Response:
                 )
             )
 
-        if self.request.authenticated_userid is not None:
-            return HTTPForbidden()
-
         set_common_headers(self.request, "login", Cache.PRIVATE_NO)
 
         return {