diff --git a/label_studio/core/middleware.py b/label_studio/core/middleware.py
index 63530384c912..10e869013032 100644
--- a/label_studio/core/middleware.py
+++ b/label_studio/core/middleware.py
@@ -212,9 +212,10 @@ def process_request(self, request) -> None:
 current_time = time.time()
 last_login = request.session['last_login'] if 'last_login' in request.session else 0
- # Check if this request is too far from when the login happened
- if (current_time - last_login) > settings.MAX_SESSION_AGE:
- logger.info(
+ # Check if this request is too far from when the login happened,
+ # but only when last_login was set before
+ if last_login and (current_time - last_login) > settings.MAX_SESSION_AGE:
+ logger.warn(
 f'Request is too far from last login {current_time - last_login:.0f} > {settings.MAX_SESSION_AGE}; logout'
 )
 logout(request)
diff --git a/label_studio/tests/test_django_admin_login.py b/label_studio/tests/test_django_admin_login.py
new file mode 100644
index 000000000000..28a49398ebf1
--- /dev/null
+++ b/label_studio/tests/test_django_admin_login.py
@@ -0,0 +1,25 @@
+from django.urls import reverse
+
+
+def test_django_admin_login(admin_user, client, live_server):
+ response = client.get(reverse("admin:index"))
+
+ # Make sure we are redirected to the django admin login page
+ assert response.status_code == 302
+ assert response.url.startswith(reverse("admin:login"))
+
+ credentials = {"username": admin_user.email, "password": "password"}
+ response = client.post(response.url, credentials)
+
+ # We should be redirected to the django index
+ assert response.status_code == 302
+ assert response.url.startswith(reverse("admin:index"))
+
+ # No last_login key has been set in the session as we do not
+ # login via the regular /users/login page
+ assert "last_login" not in client.session
+
+ # And our logged in session will still be valid
+ response = client.get(reverse("admin:index"))
+
+ assert response.status_code == 200
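Review bot: The new `if last_login and ...` guard fails open: a session that never had `last_login` written (the context line above defaults it to 0) is now exempt from `settings.MAX_SESSION_AGE` altogether, so any login path that bypasses the regular login view gets no age limit from this check. Starting the clock on first sight would keep the limit for those sessions, e.g. `last_login = request.session.setdefault('last_login', current_time)` with the original comparison left as it was; whether some other bound (such as the session cookie age) still applies to them is not visible here. `logger.warn` is a deprecated alias, so the call should be `logger.warning(`. The body of `process_request` starts before this hunk and continues after it.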
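Review bot: The test pins only the permissive path (no `last_login` in the session, the next request returns 200); nothing checks that a session carrying an old `last_login` is still logged out, so a later change to the middleware condition could switch the age limit off without failing a test. A companion test along the lines below would cover that; it needs `time` imported, and the final assertion is an assumption about the state the project expects after the forced logout. The `live_server` fixture is requested but never used in the body, and the literal `"password"` presumably relies on the fixture's default password, which deserves a one-line comment.

```python
def test_stale_last_login_is_logged_out(admin_user, client, settings):
    client.force_login(admin_user)
    session = client.session
    # constructed value: one second past the configured limit
    session["last_login"] = time.time() - settings.MAX_SESSION_AGE - 1
    session.save()

    client.get(reverse("admin:index"))

    # the middleware should have ended the authenticated session
    assert "_auth_user_id" not in client.session
```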