diff --git a/seahub/base/sudo_mode.py b/seahub/base/sudo_mode.py
index bdc3ed2d10..0ae61381fc 100644
--- a/seahub/base/sudo_mode.py
+++ b/seahub/base/sudo_mode.py
@@ -24,7 +24,7 @@ def update_sudo_mode_ts(request):
 
 def update_sudo_ts_when_login(**kwargs):
     request = kwargs['request']
-    if request.user.is_staff:
+    if request.user.is_staff and not getattr(request, 'client_token_login', False):
         update_sudo_mode_ts(request)
 
 if ENABLE_SUDO_MODE:
diff --git a/seahub/views/__init__.py b/seahub/views/__init__.py
index ba26b3a11d..ba0753d5b5 100644
--- a/seahub/views/__init__.py
+++ b/seahub/views/__init__.py
@@ -2115,6 +2115,7 @@ def client_token_login(request):
     if request.user.is_authenticated() and request.user.username == user.username:
         pass
     else:
+        request.client_token_login = True
         auth_login(request, user)
 
     return HttpResponseRedirect(request.GET.get("next", reverse('libraries')))
diff --git a/tests/api/test_auth.py b/tests/api/test_auth.py
index a4d0538f3a..f1aa7bc421 100644
--- a/tests/api/test_auth.py
+++ b/tests/api/test_auth.py
@@ -77,6 +77,12 @@ class AuthTest(ApiTestBase):
         r = requests.get(url)
         assert r.url == urljoin(BASE_URL, '/profile/')
 
+    def test_client_login_token_wont_enter_sudo_mode(self):
+        url = self._get_client_login_url(admin=True)
+        url += '&next=/sys/useradmin'
+        r = requests.get(url)
+        assert r.url == urljoin(BASE_URL, '/sys/sudo/?next=/sys/useradmin/')
+
     def _desktop_login(self):
         data = {
             'username': USERNAME,
@@ -106,7 +112,8 @@ class AuthTest(ApiTestBase):
     def _logout(self, token):
         self.post(LOGOUT_DEVICE_URL, token=token)
 
-    def _get_client_login_url(self):
-        token = self.post(CLIENT_LOGIN_TOKEN_URL).json()['token']
+    def _get_client_login_url(self, admin=False):
+        post = self.admin_post if admin else self.post
+        token = post(CLIENT_LOGIN_TOKEN_URL).json()['token']
         assert len(token) == 32
         return urljoin(BASE_URL, 'client-login/') + '?token=' + token
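Review bot: The new guard in `update_sudo_ts_when_login` reads an ad-hoc `client_token_login` attribute off the request, and nothing in sudo_mode.py says who sets it or why; a comment on the changed line would make the contract explicit, e.g. `# Views that log a user in from a one-time client token set request.client_token_login before calling auth_login: that login was not backed by a password, so it must not start the sudo window.` Since this receiver (presumably connected to the login signal below the `if ENABLE_SUDO_MODE:` line, outside the hunk) only sees the flag if it is attached before the signal fires, the comment should state that ordering requirement too, as a view that sets it after the login call would silently grant sudo. The function itself is fully inside the hunk.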
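Review bot: `request.client_token_login = True` is set on the `else` branch immediately before `auth_login`, which is the right place because the sudo-mode receiver reads it during login, but the attribute name is a bare string on both sides of this commit and a one-line comment here would keep the two files from drifting: `# seahub.base.sudo_mode reads this during login to skip granting sudo for a token-based login`. Separately, the visible `return HttpResponseRedirect(request.GET.get("next", reverse('libraries')))` passes a caller-supplied `next` through with no host check; this is pre-existing, but the new test now drives this parameter, and if the project's Django version provides `django.utils.http.is_safe_url`, checking `next` against `request.get_host()` before redirecting would close the open-redirect. The enclosing `client_token_login` function starts outside the hunk.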
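Review bot: `test_client_login_token_wont_enter_sudo_mode` proves the negative only indirectly — it asserts that the final URL after redirects is the sudo prompt, which depends on `requests.get` following redirects and on the sudo view re-emitting `next` with a trailing slash — so a short docstring would make the intent readable: `"""A staff user logged in via a one-time client token must still be challenged by sudo mode on /sys/ pages."""`. The `&next=` join also relies on `_get_client_login_url` having already appended `?token=`; a comment such as `# helper already appended ?token=, so add next with &` would stop a later refactor of the helper from silently producing a malformed URL. The `AuthTest` class continues outside the hunk.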
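Review bot: `_get_client_login_url(self, admin=False)` gains a boolean switch that selects `self.admin_post`, which presumably comes from `ApiTestBase` outside this diff; a docstring stating that `admin=True` requests the client-login token as the admin account (and so the resulting login is a staff session, which is what the new sudo-mode test needs) would help readers of the test. The new test passes the flag by keyword (`admin=True`); keeping that convention avoids a positional `True` that reads as nothing at the call site. `AuthTest` continues outside the hunk.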