|
16 | 16 | from cvss.exceptions import CVSS2MalformedError |
17 | 17 | from cvss.exceptions import CVSS3MalformedError |
18 | 18 | from cvss.exceptions import CVSS4MalformedError |
19 | | -from django import forms |
20 | 19 | from django.contrib import messages |
21 | 20 | from django.contrib.auth.views import LoginView |
22 | 21 | from django.core.cache import cache |
|
29 | 28 | from django.http import HttpResponse |
30 | 29 | from django.http.response import Http404 |
31 | 30 | from django.shortcuts import get_object_or_404 |
32 | | -from django.shortcuts import redirect |
33 | 31 | from django.shortcuts import render |
34 | 32 | from django.urls import reverse_lazy |
35 | 33 | from django.views import View |
|
38 | 36 | from django.views.generic.edit import FormMixin |
39 | 37 | from django.views.generic.edit import FormView |
40 | 38 | from django.views.generic.list import ListView |
41 | | -from django_altcha import AltchaField |
42 | 39 |
|
43 | 40 | from vulnerabilities import models |
44 | 41 | from vulnerabilities.forms import AdminLoginForm |
|
49 | 46 | from vulnerabilities.forms import PackageSearchForm |
50 | 47 | from vulnerabilities.forms import PipelineSchedulePackageForm |
51 | 48 | from vulnerabilities.forms import VulnerabilitySearchForm |
| 49 | +from vulnerabilities.middleware.altcha_protection import SESSION_TIMEOUT as ALTCHA_SESSION_TIMEOUT |
52 | 50 | from vulnerabilities.models import ISSUE_TYPE_CHOICES |
53 | 51 | from vulnerabilities.models import AdvisorySetMember |
54 | 52 | from vulnerabilities.models import AdvisoryToDoV2 |
|
66 | 64 | from vulnerabilities.throttling import AnonUserUIThrottle |
67 | 65 | from vulnerabilities.utils import TYPES_WITH_MULTIPLE_IMPORTERS |
68 | 66 | from vulnerabilities.utils import get_advisories_from_groups |
| 67 | +from vulnerabilities.utils import safe_altcha_redirect |
69 | 68 | from vulnerablecode import __version__ as VULNERABLECODE_VERSION |
70 | 69 | from vulnerablecode.settings import env |
71 | 70 |
|
@@ -1165,6 +1164,19 @@ class AltchaView(FormView): |
1165 | 1164 | template_name = "altcha.html" |
1166 | 1165 | form_class = AltchaForm |
1167 | 1166 |
|
| 1167 | + def dispatch(self, request, *args, **kwargs): |
| 1168 | + """Do not show Altcha challenge to already validated user.""" |
| 1169 | + verified_at = request.session.get("altcha_verified_at") |
| 1170 | + |
| 1171 | + if verified_at: |
| 1172 | + if time.time() - verified_at < ALTCHA_SESSION_TIMEOUT: |
| 1173 | + next_url = request.GET.get("next", "/") |
| 1174 | + return safe_altcha_redirect(next_url) |
| 1175 | + |
| 1176 | + return super().dispatch(request, *args, **kwargs) |
| 1177 | + |
1168 | 1178 | def form_valid(self, form): |
1169 | 1179 | self.request.session["altcha_verified_at"] = time.time() |
1170 | | - return redirect("/") |
| 1180 | + |
| 1181 | + next_url = self.request.GET.get("next", "/") |
| 1182 | + return safe_altcha_redirect(next_url) |
0 commit comments