From 507eb69fa4849058497dbd6fdb292ef7e70227fb Mon Sep 17 00:00:00 2001
From: Perry Harrington <pedward@apsoft.com>
Date: Mon, 10 Jul 2023 19:50:21 -0700
Subject: [PATCH] Do not set oidc_login_next for AJAX 403 redirects

Moved the oidc_login_next to below the AJAX return, this means AJAX
requests will be redirected to the LOGIN_REDIRECT_URL instead of the
API endpoint that generated the session refresh.
---
 mozilla_django_oidc/middleware.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/mozilla_django_oidc/middleware.py b/mozilla_django_oidc/middleware.py
index 1b050325..bbadf2c7 100644
--- a/mozilla_django_oidc/middleware.py
+++ b/mozilla_django_oidc/middleware.py
@@ -154,8 +154,6 @@ def process_request(self, request):
 
         add_state_and_verifier_and_nonce_to_session(request, state, params)
 
-        request.session["oidc_login_next"] = request.get_full_path()
-
         query = urlencode(params, quote_via=quote)
         redirect_url = "{url}?{query}".format(url=auth_url, query=query)
         if request.headers.get("x-requested-with") == "XMLHttpRequest":
@@ -170,4 +168,6 @@ def process_request(self, request):
             response = JsonResponse({"refresh_url": redirect_url}, status=403)
             response["refresh_url"] = redirect_url
             return response
+
+        request.session["oidc_login_next"] = request.get_full_path()
         return HttpResponseRedirect(redirect_url)