@@ -174,21 +174,23 @@ def load_sso_kwargs(self, sso_kwargs):
174174 def add_idp_hinting (self , http_response ):
175175 return add_idp_hinting (self .request , http_response ) or http_response
176176
177- def get (self , request , * args , ** kwargs ):
178- logger .debug ("Login process started" )
179- next_path = self .get_next_path (request )
180-
181- # if the user is already authenticated that maybe because of two reasons:
177+ def should_prevent_auth (self , request ) -> bool :
178+ # If the user is already authenticated that maybe because of two reasons:
182179 # A) He has this URL in two browser windows and in the other one he
183180 # has already initiated the authenticated session.
184181 # B) He comes from a view that (incorrectly) send him here because
185182 # he does not have enough permissions. That view should have shown
186183 # an authorization error in the first place.
187- # We can only make one thing here and that is configurable with the
188- # SAML_IGNORE_AUTHENTICATED_USERS_ON_LOGIN setting. If that setting
189- # is True (default value) we will redirect him to the next_path path.
190- # Otherwise, we will show an (configurable) authorization error.
191- if request .user .is_authenticated :
184+ return request .user .is_authenticated
185+
186+ def get (self , request , * args , ** kwargs ):
187+ logger .debug ("Login process started" )
188+ next_path = self .get_next_path (request )
189+
190+ if self .should_prevent_auth (request ):
191+ # If the SAML_IGNORE_AUTHENTICATED_USERS_ON_LOGIN setting is True
192+ # (default value), redirect to the next_path. Otherwise, show a
193+ # configurable authorization error.
192194 if get_custom_setting ("SAML_IGNORE_AUTHENTICATED_USERS_ON_LOGIN" , True ):
193195 return HttpResponseRedirect (next_path )
194196 logger .debug ("User is already logged in" )
0 commit comments