django login required not happening

Question

I am not able to redirect the page after login. I m using django 1.7.

#settings.py
# login URL
LOGIN_URL = '/login/'

#urls.py
url(r'^home/order',views.buy_order,name="buy_order"),
url(r'^login/$',views.login,name='login'),
url(r'^login_submit/$',views.login_submit,name='login_submit'),

#views.py
@login_required(login_url='/login/')
def buy_order_confirm(request):
    pass

def login(request):
    template='login.html'
    return render(request,template)

def login_submit(request):
    if request.method == "POST":
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(username=username, password=password)
        if user is not None:
            if user.is_active:
                login_user(request, user)
                return HttpResponseRedirect(request.POST['next']) # gives error : *** MultiValueDictKeyError: "'next'"
            else:
                raise Http404("User is not active")
    else:
        raise Http404("Not a valid request")
    return render(request,template)

In doc , it is given that after login page it will redirect automatically. But it is not happening for me. I have read this and this . They tell to send the get params in hidden field in form. I don't feel this is right. I feel there should be a clear way.

Can anyone tell me where am I wrong?

Answer 1

I don't understand. your condition is on POST mode

if request.method == "POST"

And you try redirect with an GET argument...

You need to pass 'next' value in your form, and get it with POST['next']

Example :

if 'next' in request.POST:
    return HttpResponseRedirect(request.POST['next'])
else:
    return HttpResponseRedirect('/home/')

Answer 2

Resolved by adding hidden field for next param.login.html is

form class="form-signin" method="post" action="{% url 'login' %}">{% csrf_token %}
        <input type="hidden" name="next" value="{{ next }}" />
        <h2 class="form-signin-heading">Please sign in</h2>
        <label for="inputEmail" class="sr-only">Email address</label>
        <input type="text" id="inputEmail" class="form-control" placeholder="Username" required="" autofocus="" name="username">
        <label for="inputPassword" class="sr-only">Password</label>
        <input type="password" id="inputPassword" class="form-control" placeholder="Password" required="" name="password">
        <div class="checkbox">
            <label>
              <input type="checkbox" value="remember-me"> Remember me
            </label>
        </div>
        <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
    </form>

And my login view is,

def login(request):
    if request.method == 'GET':
        template='login.html'
        context = {}
        next = request.GET.get('next',None)
        if next:
            context['next'] = next
        return render(request,template,context)
    if request.method == "POST":
        username = request.POST['username']
        password = request.POST['password']
        user = authenticate(username=username, password=password)
        if user is not None:
            if user.is_active:
                login_user(request, user)
                template='home.html'
                return HttpResponseRedirect(request.POST['next'])
            else:
                raise Http404("User is not active")

Problem solved by a hidden field. but to me it was not clear with the doc