labd
Wrong redirection after successful authentication to the admin page
After successful authentication to the admin page, redirection to the always the same non-existing address "/admin/sprite-8cfe9c6c/" sometimes occurs instead of registered URL-path "/admin/" (wagtail admin). /admin/sprite-8cfe9c6c/ is the empty (blank) page without Wagtail's admin page menus. The Wagtail version is 5.0.2. The Django version is 4.2.3. Changing the Django version to 4.0.10 does not influence the issue.
Experiencing the same issue, it appears the form is appearing twice, if you scroll down to the second form it appears to show "successfully logged in" and the otp form redirects properly.
There is the following code in Wagtail's skeleton template:
<body id="wagtail" class="{% block bodyclass %}{% endblock %} {% if sidebar_collapsed %}sidebar-collapsed{% endif %} {% if messages %}has-messages{% endif %}">
<div data-sprite></div>
<script src="{% versioned_static 'wagtailadmin/js/icons.js' %}" data-icon-url="{% url 'wagtailadmin_sprite' %}"></script>
and the script wagtailadmin/js/icons.js loads sprites from wagtailadmin_sprite url, which usually looks like /admin/sprite-8cfe9c6c, and of course when it's accessed, it gets the 2FA auth page and inserts it into this
Looks like it's enough to add that url to VerifyUserMiddleware._allowed_url_names in order to fix the issue.
As a temporary solution I subclassed the original VerifyUserMiddleware adding "wagtailadmin_sprite" to _allowed_url_names:
from wagtail_2fa.middleware import VerifyUserMiddleware as VerifyUserMiddlewareBase
class VerifyUserMiddleware(VerifyUserMiddlewareBase):
_allowed_url_names = [
"wagtail_2fa_auth",
"wagtailadmin_login",
"wagtailadmin_logout",
"wagtailadmin_javascript_catalog",
"wagtailadmin_sprite",
]
and then using the customized middleware in my project.
