Force login before giving community auth consent

In the normal workflow this would always happen, but if the user got to
the page without being logged in (probably most likely to happen if the
session timed out while waiting to proceed) we would crash on trying to
create an invalid consent record. Instead, force a re-login in this
case.

diff --git a/pgweb/account/views.py b/pgweb/account/views.py
index dc8f44f00f2909fdd9e8ec2090432a6a43aa417a..570998008f81754843e9047da252e7f164a4eb67 100644 (file)
--- a/pgweb/account/views.py
+++ b/pgweb/account/views.py
@@ -538,6 +538,7 @@ def communityauth_logout(request, siteid):
        # Redirect user back to the specified suburl
        return HttpResponseRedirect("%s?s=logout" % site.redirecturl)
 
+@login_required
 def communityauth_consent(request, siteid):
        org = get_object_or_404(CommunityAuthSite, id=siteid).org
        if request.method == 'POST':