New Wibewa Wagtail Blog

Django Allauth and Private Pages

March 10, 2025

Most of what I wrote below is moot thanks to a reply I got on Stackoverflow from gasman. Still concening a Wagtail site with Django-Allauth and private pages - add the following to settings:

    WAGTAIL_FRONTEND_LOGIN_URL = "/accounts/login/"

I'm still keeping the following line in my URLs but I'll do some testing to see if this is even necessary and update this post later ( I don't think it is necessary)

    path("admin/login/", RedirectView.as_view(url="/accounts/login/?next=admin")),

But don't bother with the _ util redirection because the Wagtail login directive takes care of that. Plus, with that directive in place, the user is redirected back to the article they were viewing

All below is from my original post just for reference

This is one of those many times where I find a solution but I'm not sure if what I'm doing is good or problematic.

I have a Wagtail site where I'm using 2FA sent by email and I have private articles that people have to log in to see.

Before the fix, when people logged in to the admin panel, everything worked as expected - they were required to enter a code that was emailed to them. But when people logged in to view an article, they were able to log in without 2FA and once logged in, they could then browse to the admin panel without further challenges

I think I fixed this by adding the following line:

path("_util/login/", RedirectView.as_view(url="/accounts/login/?next=/accounts")),

This works because when someone clicked on an article, they were redirected to _util/login, so the fix is re-redirecting to accounts

This line follows the similar redirect which was already in place so my urls look like:

urlpatterns = [
    path("django-admin/", admin.site.urls),
    path("admin/login/", RedirectView.as_view(url="/accounts/login/?next=admin")),
    path("_util/login/", RedirectView.as_view(url="/accounts/login/?next=/accounts")),
    path("admin/", include(wagtailadmin_urls)),
    path("accounts/", include("allauth.urls")),
    path("documents/", include(wagtaildocs_urls)),
    path("search/", search_views.search, name="search"),
]

I hope this helps people in similar situations but I don't know how to redirect the visitor back to the article they clicked on, and I'm not sure there isn't anything insecure about this that should be addressed. I'm looking into both

Tags