Overriding Django Admin with AllAuth

Question

I don't feel that the original django admin login is secure, so I want to have /admin always redirect to my AllAuth login page, even if the user is logged in.

urls.py

admin.site.login = login_required(admin.site.login)

This will redirect users from the django admin login page if they are not logged in, but it does not redirect users if they ARE logged in. So they can still brute force it. How do I edit the login_required decorator to check for is_superuser.

Answer 1

You can use:

from django.contrib.auth.decorators import user_passes_test

admin.site.login  = user_passes_test(lambda u: u.is_superuser)(admin.site.login)