LoginView appears to redirect any logged in user automatically (via RedirectAuthenticatedUserMixin).
I think that the view should be displayed always when it is requested - as with django.contrib.auth.
My specific use case is using the SuperuserRequiredMixin from django-braces, which redirects to settings.LOGIN_URL, if the user is not a superuser.
When a non-superuser is logged in, this will result in an infinite redirect loop.
I just met something similar using django.contrib.auth.decorators.user_passes_test. If a user is logged in who fails the test they are redirected to the login page, which redirects them straight back again to the view which was testing in the first place, etc.
Same here with Wagtail, when I try to access Wagtail's admin without sufficient permissions, Wagtail redirects me to settings.LOGIN_PAGE, then alllauth redirects me back to admin, that so redirect loop begins.
Wagtail uses standard login_required decorator, and this decorator automatically redirects user to login page even if user is already logged in, but does not have required permission. It means, that it should be quite common to redirect user to the login page even if user is already logged in, so allauth should not redirect, unless POST request is made.
Adding Wagtail's bug link, as a reference https://github.com/torchbox/wagtail/issues/431
I agree, this causes infinite loops for us too. I have seen this in combination with django-braces as well as our own Auth/Auth software.
Has anybody worked around by subclassing LoginView and removing RedirectAuthenticatedUserMixin? Not sure if that'd have any unintended consequences.
Note that ACCOUNT_AUTHENTICATED_LOGIN_REDIRECTS = False disables this behavior.
Most helpful comment
Note that
ACCOUNT_AUTHENTICATED_LOGIN_REDIRECTS = Falsedisables this behavior.