From 090108723c378b163a32ec34b0deca36c95b4423 Mon Sep 17 00:00:00 2001
From: Ilia Petrov <il.petrov@maxima-int.com>
Date: Wed, 27 Aug 2025 15:52:34 +0300
Subject: [PATCH] Fix TOTP view redirection

Previously, the fail url parameter was used for user redirection,
which could lead to a nonexistent URL. This change ensures proper
redirects for authenticated users and users without a receipt.

Change-Id: I74a10739e3294b9089237c318a4712ef9ddf1372
Signed-off-by: Ilia Petrov <il.petrov@maxima-int.com>
---
 openstack_auth/tests/unit/test_auth.py |  4 ++++
 openstack_auth/views.py                | 10 +++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/openstack_auth/tests/unit/test_auth.py b/openstack_auth/tests/unit/test_auth.py
index 4571b0667d..21ac5a2f10 100644
--- a/openstack_auth/tests/unit/test_auth.py
+++ b/openstack_auth/tests/unit/test_auth.py
@@ -1490,6 +1490,10 @@ class OpenstackAuthTestsTOTP(test.TestCase):
 
         self.data = data_v3.generate_test_data()
 
+        session = self.client.session
+        session['receipt'] = 'fake-receipt'
+        session.save()
+
     def get_form_data(self, user):
         return {'region': "default",
                 'domain': DEFAULT_DOMAIN,
diff --git a/openstack_auth/views.py b/openstack_auth/views.py
index cd9045b821..2b5c8b7b2a 100644
--- a/openstack_auth/views.py
+++ b/openstack_auth/views.py
@@ -504,7 +504,7 @@ class TotpView(edit_views.FormView):
     template_name = 'auth/totp.html'
     form_class = forms.TimeBasedOneTimePassword
     success_url = settings.LOGIN_REDIRECT_URL
-    fail_url = "/login/"
+    fail_url = settings.LOGIN_URL
 
     def get_initial(self):
         return {
@@ -515,6 +515,14 @@ class TotpView(edit_views.FormView):
             'domain': self.request.session.get('domain'),
         }
 
+    def get(self, request, *args, **kwargs):
+        if request.user.is_authenticated:
+            return django_http.HttpResponseRedirect(self.success_url)
+        receipt = request.session.get('receipt')
+        if not receipt:
+            return django_http.HttpResponseRedirect(self.fail_url)
+        return super().get(request, *args, **kwargs)
+
     def form_valid(self, form):
         auth.login(self.request, form.user_cache)
         res = django_http.HttpResponseRedirect(self.success_url)