diff --git a/apps/authentication/templates/authentication/login.html b/apps/authentication/templates/authentication/login.html index 3b8ae55a9..7163573ba 100644 --- a/apps/authentication/templates/authentication/login.html +++ b/apps/authentication/templates/authentication/login.html @@ -223,10 +223,21 @@ height: 13px; cursor: pointer; } + + .error-info { + font-size: 16px; + text-align: center; + } +{% if not origin_is_allowed %} +
+ 配置文件存在问题,无法完成登录,请联系管理员解决,或查看最新更新说明
+ Configuration file has problems and cannot be logged in. Please contact the administrator +
+{% endif %}
@@ -309,7 +320,8 @@
-
diff --git a/apps/authentication/views/login.py b/apps/authentication/views/login.py
index 459abb3cf..15066c167 100644
--- a/apps/authentication/views/login.py
+++ b/apps/authentication/views/login.py
@@ -134,6 +134,16 @@ class UserLoginContextMixin:
 count += 1
 return count
+ def origin_is_allowed(self):
+ from urllib.parse import urlparse
+ http_referer = self.request.META.get('HTTP_REFERER')
+ try:
+ referer = urlparse(http_referer)
+ except ValueError:
+ return False
+ allowed_domains = settings.ALLOWED_DOMAINS
+ return referer.netloc in allowed_domains
+
 def get_context_data(self, **kwargs):
 context = super().get_context_data(**kwargs)
 context.update({
@@ -143,6 +153,7 @@ class UserLoginContextMixin:
 'current_lang': self.get_current_lang(),
 'forgot_password_url': self.get_forgot_password_url(),
 'extra_fields_count': self.get_extra_fields_count(context),
+ 'origin_is_allowed': self.origin_is_allowed(),
 **self.get_user_mfa_context(self.request.user)
 })
 return context
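Review bot: `origin_is_allowed()` returns False whenever the request carries no Referer header, because `urlparse(None)` does not raise ValueError and yields an empty `netloc` that is never in `settings.ALLOWED_DOMAINS`; direct navigation, bookmarks and `Referrer-Policy: no-referrer` clients would then all get the configuration-error banner. Decide explicitly what an absent header means, for example `if not http_referer: return True` ahead of the `try`, if the flag is only a diagnostic hint. `netloc` also keeps any port and userinfo and is case-sensitive, so `referer.hostname` is probably the better value to compare, assuming ALLOWED_DOMAINS holds bare host names (its format is not visible here). Referer is client-controlled, so this flag should stay a user-facing hint and not be relied on as an access control; a short docstring saying so would help. The method is complete within the hunk, but the class and `get_context_data` continue outside it.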