diff --git a/moztrap/model/mtadmin.py b/moztrap/model/mtadmin.py
index d249488e..6886f63e 100644
--- a/moztrap/model/mtadmin.py
+++ b/moztrap/model/mtadmin.py
@@ -7,6 +7,7 @@ from django.conf import settings
 from django.forms.models import BaseInlineFormSet
+from django.shortcuts import redirect
 from django.views.decorators.cache import never_cache
 from django.contrib import admin, messages
@@ -38,6 +39,18 @@ def login(self, request, extra_context=None):
 )
+ @never_cache
+ def logout(self, request, extra_context=None):
+ """
+ Make admin 'logout' a no-op.
+
+ We replace the link with a "back to MozTrap" link.
+
+ The default AdminSite.logout implementation exposes us to logout CSRF.
+
+ """
+ return redirect("home")
+
 site = MTAdminSite()
diff --git a/templates/admin/base_site.html b/templates/admin/base_site.html
new file mode 100644
index 00000000..96232362
--- /dev/null
+++ b/templates/admin/base_site.html
@@ -0,0 +1,15 @@
+{% extends "admin/base.html" %}
+{% load url from future %}
+{% load i18n %}
+
+{% block title %}{{ title }} | {% trans 'MozTrap admin' %}{% endblock %}
+
+{% block branding %}
+
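Review bot: A user who still reaches the admin logout URL (an old bookmark, or a stock admin template that keeps the link) stays signed in with no indication of it, because the `logout` override added to `MTAdminSite` returns `redirect("home")` for every request. The docstring gives the CSRF motivation but not where a session is actually ended; I would add a line such as `Logging out is done through the main site's logout view; this URL never ends a session.`, assuming such a view exists, which this diff does not show. If an admin-side logout is still wanted, a guarded path like `if request.method == "POST": return super(MTAdminSite, self).logout(request, extra_context)` would keep GET a no-op while leaving POST to the CSRF checks, provided CSRF protection is enabled for this view. The `MTAdminSite` class itself begins outside the hunk.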
We keep your email private, but we need a username to publicly identify +
We keep your email private, so we need a username to publicly identify you on the site.