From c4bf508cd85f97a5a22d088812bc8cb1b643cc8e Mon Sep 17 00:00:00 2001
From: Jennifer Richards <jennifer@painless-security.com>
Date: Mon, 24 Jan 2022 17:34:29 +0000
Subject: [PATCH] Do not redirect user to the logout page when logging in.
 Fixes #3478. Commit ready for merge.  - Legacy-Id: 19876

---
 ietf/doc/templatetags/ietf_filters.py | 17 +++++++++++++++++
 ietf/ietfauth/tests.py                |  1 +
 ietf/templates/base.html              |  2 +-
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/ietf/doc/templatetags/ietf_filters.py b/ietf/doc/templatetags/ietf_filters.py
index 488f24289..24b1e7535 100644
--- a/ietf/doc/templatetags/ietf_filters.py
+++ b/ietf/doc/templatetags/ietf_filters.py
@@ -394,6 +394,23 @@ def expires_soon(x,request):
 def startswith(x, y):
     return str(x).startswith(y)
 
+
+@register.filter(name='removesuffix', is_safe=False)
+def removesuffix(value, suffix):
+    """Remove an exact-match suffix
+    
+    The is_safe flag is False because indiscriminate use of this could result in non-safe output.
+    See https://docs.djangoproject.com/en/2.2/howto/custom-template-tags/#filters-and-auto-escaping
+    which describes the possibility that removing characters from an escaped string may introduce
+    HTML-unsafe output.
+    """
+    base = str(value)
+    if base.endswith(suffix):
+        return base[:-len(suffix)]
+    else:
+        return base
+
+
 @register.filter
 def has_role(user, role_names):
     from ietf.ietfauth.utils import has_role
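Review bot: An empty `suffix` makes `removesuffix` return an empty string, because `base.endswith("")` is always true and `base[:-len(suffix)]` then evaluates to `base[:0]`. Guarding the branch with `if suffix and base.endswith(suffix):` leaves the value intact in that case. `suffix` is also handed to `endswith` unconverted, so a non-string template argument would raise a TypeError; `suffix = str(suffix)` would mirror how `value` is treated. The `is_safe=False` choice and the docstring's explanation of it are correct and should stay.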
diff --git a/ietf/ietfauth/tests.py b/ietf/ietfauth/tests.py
index bcd1d45a0..988d15521 100644
--- a/ietf/ietfauth/tests.py
+++ b/ietf/ietfauth/tests.py
@@ -95,6 +95,7 @@ class IetfAuthTests(TestCase):
         # try logging out
         r = self.client.get(urlreverse('django.contrib.auth.views.logout'))
         self.assertEqual(r.status_code, 200)
+        self.assertNotContains(r, "accounts/logout")
 
         r = self.client.get(urlreverse(ietf.ietfauth.views.profile))
         self.assertEqual(r.status_code, 302)
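Review bot: The added `assertNotContains(r, "accounts/logout")` is only a negative check, so it would still pass if the Sign in link were missing from the response or its `next` value were wrong in some other way. A positive assertion on the rendered link would pin the intended outcome, presumably `self.assertContains(r, '/accounts/login/?next=/')`, though the exact rendered value should be confirmed. A second request to the logout URL with a query string appended would cover the case where the suffix no longer matches. The test method starts and ends outside this hunk.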
diff --git a/ietf/templates/base.html b/ietf/templates/base.html
index cd75f0e63..8890e6619 100644
--- a/ietf/templates/base.html
+++ b/ietf/templates/base.html
@@ -72,7 +72,7 @@
             </ul>
         {% if not user.is_authenticated %}
             <p class="navbar-text"></p>
-            <a class="btn {% if server_mode and server_mode == "production" %}btn-warning{% else %}btn-default{% endif %} btn-sm navbar-btn" rel="nofollow" href="/accounts/login/?next={{request.get_full_path|urlencode}}">Sign in</a>
+            <a class="btn {% if server_mode and server_mode == "production" %}btn-warning{% else %}btn-default{% endif %} btn-sm navbar-btn" rel="nofollow" href="/accounts/login/?next={{request.get_full_path|removesuffix:"accounts/logout/"|urlencode}}">Sign in</a>
         {% endif %}
 
 	    <form class="navbar-form navbar-right hidden-xs" action="/doc/search/">
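Review bot: The suffix is matched against `request.get_full_path`, which includes the query string, so a request to `/accounts/logout/?x=1` would not match and `next` would still point at the logout page. The filter also trims any path that merely ends in `accounts/logout/`, not only the logout URL itself. Testing the path on its own avoids both, for example `{% if request.path == "/accounts/logout/" %}/{% else %}{{ request.get_full_path|urlencode }}{% endif %}` as the value of `next`. Whether `next` is validated as a same-site URL before redirecting depends on the login view, which is not visible in this diff.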