From 31a32faf53de0df8781cb850d95397938bc96017 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Brunner?=
Date: Wed, 18 Dec 2024 17:18:44 +0100
Subject: [PATCH] Don't have an authenticatication loop When we want to access to the admin interface with oidc and with a user that's not allowed to access to the admin interface.
---
 geoportal/c2cgeoportal_geoportal/views/login.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/geoportal/c2cgeoportal_geoportal/views/login.py b/geoportal/c2cgeoportal_geoportal/views/login.py
index e49eb845bd..28de2197f6 100644
--- a/geoportal/c2cgeoportal_geoportal/views/login.py
+++ b/geoportal/c2cgeoportal_geoportal/views/login.py
@@ -93,6 +93,9 @@ def _referrer_log(self) -> None:
 @forbidden_view_config(renderer="login.html") # type: ignore[misc]
 def loginform403(self) -> dict[str, Any] | pyramid.response.Response:
+ if self.request.authenticated_userid is not None:
+ return HTTPForbidden()
+
 if self.authentication_settings.get("openid_connect", {}).get("enabled", False):
 return HTTPFound(
 location=self.request.route_url(
@@ -101,9 +104,6 @@ def loginform403(self) -> dict[str, Any] | pyramid.response.Response:
 )
 )
- if self.request.authenticated_userid is not None:
- return HTTPForbidden()
-
 set_common_headers(self.request, "login", Cache.PRIVATE_NO)
 return {
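Review bot: The early return added at the top of `loginform403` is what breaks the OIDC redirect loop, but nothing in the code says its position before the `openid_connect` branch is load-bearing, so a later reorder could silently bring the loop back. I would add a comment above it such as `# Authenticated but not authorized: answer 403 before the OIDC branch, otherwise we redirect to the OIDC login again and loop.` The patch touches only `login.py`, so a regression test that hits a forbidden view as an authenticated user with `openid_connect` enabled and asserts a 403 rather than a redirect would be worth adding. This branch also returns before `set_common_headers(self.request, "login", Cache.PRIVATE_NO)` runs, so it may be worth confirming that the 403 carries the cache headers you expect. The function body continues outside the hunk.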