mbi / django-rosetta

Rosetta is a Django application that eases the translation process of your Django projects

Infinite Redirected Loop when Accessing Django Rosetta Page with users other than superuser

oussama-he opened this issue · comments

  • Which version of Django are you using?:
    4.2.5
  • Which version of django-rosetta are you using?:
    0.9.9
  • Have you looked through recent issues and checked this isn't a duplicate?
    Yes

When attempting to access the rosetta page localhost:8000/rosetta, I am experiencing an infinite redirected loop. This means that the page continuously redirects to the login page, which itself redirects to the rosetta page and so on, resulting in an endless loop without successfully showing a 403 page or something.

[31/Oct/2023 15:16:00] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:00] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:00] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:01] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:02] "GET /rosetta/files/project/ HTTP/1.1" 302 0
[31/Oct/2023 15:16:02] "GET /accounts/login/?next=/rosetta/files/project/ HTTP/1.1" 302 0
...

Expected Behavior:
The expected behavior is that when accessing the page with a user other than the admin (superuser), it should load a 403 page without any redirection issues or loops.

I'm asking if there is a setting to fix this or if it is a bug because I've tried the ROSETTA_ACCESS_CONTROL_FUNCTION setting, but the same behavior was kept.

Thank you in advance.

It seems to me that:

  1. You are logged in (and hence your /accounts/login/ does not display the login form but instead redirects to the value of ?next), but
  2. The logged-in user doesn't have enough privileges to edit PO files through Rosetta, as defined by ROSETTA_ACCESS_CONTROL_FUNCTION.

In either case, the fix would be to

  1. Fix your redirecting view to check that the user has enough privileges to edit PO files, when trying to redirect to a Rosetta URL, or
  2. Adapt ROSETTA_ACCESS_CONTROL_FUNCTION to allow editing PO files if the user is already logged in.

Either way, this really depends on your setup / your user management policies, and is not really a Rosetta issue.
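
The loop diagnosed above and the first suggested fix, as an added example that is not part of the original thread and is not Django or Rosetta code: a framework-free model of the two views that follows redirects the way a browser would. All function names, the `User` class and the superuser-only policy are assumptions made for illustration.

```python
from dataclasses import dataclass

LOGIN = "/accounts/login/"
ROSETTA = "/rosetta/files/project/"

@dataclass
class User:  # constructed stand-in for a request user
    is_authenticated: bool = False
    is_superuser: bool = False

def can_translate(user):
    # Stand-in for the ROSETTA_ACCESS_CONTROL_FUNCTION policy (assumed: superusers only).
    return user.is_authenticated and user.is_superuser

def rosetta_view(user, path):
    # Anyone who fails the access check is sent to the login URL with ?next set.
    if can_translate(user):
        return 200, None
    return 302, f"{LOGIN}?next={path}"

def login_view_original(user, next_url):
    # Behaviour described in the reply: a logged-in user is bounced straight to ?next.
    if user.is_authenticated:
        return 302, next_url
    return 200, None  # anonymous user: render the login form

def login_view_fixed(user, next_url):
    # Fix 1 from the reply: check privileges before redirecting to a Rosetta URL.
    if user.is_authenticated:
        if next_url.startswith("/rosetta/") and not can_translate(user):
            return 403, None  # authenticated but not authorised: stop here
        return 302, next_url
    return 200, None

def follow(user, login_view, start=ROSETTA, max_hops=20):
    """Follow redirects; return (final_status, hops), or ('loop', hops) at the cap."""
    url, hops = start, 0
    while hops < max_hops:
        if url.startswith(LOGIN):
            status, target = login_view(user, url.partition("?next=")[2])
        else:
            status, target = rosetta_view(user, url)
        if status != 302:
            return status, hops
        url, hops = target, hops + 1
    return "loop", hops
```

The loop only appears for a user who is authenticated but fails the access check; anonymous users and superusers terminate with either login view.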