use normal login form for admin

Author: Bernhard Posselt

CHANGELOG.md

@@ -2,6 +2,12 @@
 
 ## [Unreleased] 
 
+## [3.0.1] - 2017-11-15
+
+### Security
+
+- Require admin users to log in over the rate limited default login form
+
 ## [3.0.0] - 2017-11-15
 
 ### Security

nextcloudappstore/urls.py

@@ -5,8 +5,8 @@
 from django.conf.urls import url, include
 from django.conf.urls.i18n import i18n_patterns
 from django.contrib import admin
+from django.contrib.auth.decorators import login_required
 from django.views.decorators.http import etag
-from django.views.generic import RedirectView
 
 from nextcloudappstore.core.caching import app_rating_etag
 from nextcloudappstore.core.feeds import AppReleaseAtomFeed, AppReleaseRssFeed
@@ -15,6 +15,8 @@
     AppRegisterView
 from nextcloudappstore.scaffolding.views import AppScaffoldingView
 
+admin.site.login = login_required(admin.site.login)
+
 urlpatterns = [
     url(r'^$', CategoryAppListView.as_view(), {'id': None}, name='home'),
     url(r"^signup/$", csp_update(**settings.CSP_SIGNUP)(signup),