ensure redirect to index if no justice id regardless of route hit

controlpanel/frontend/urls.py

@@ -8,6 +8,7 @@
 urlpatterns = [
     path("", views.IndexView.as_view(), name="index"),
     path("oidc/entraid/auth/", views.EntraIdAuthView.as_view(), name="entraid-auth"),
+    path("oidc/callback/", views.EntraOIDCAuthenticationCallbackView.as_view(), name="entra_callback"),
     path("oidc/logout/", views.LogoutView.as_view(), name="oidc_logout"),
     path("datasources/", views.AdminBucketList.as_view(), name="list-all-datasources"),
     path(

controlpanel/frontend/views/__init__.py

@@ -8,7 +8,7 @@
 
 # First-party/Local
 from controlpanel.frontend.views.accessibility import Accessibility
-from controlpanel.frontend.views.auth import EntraIdAuthView
+from controlpanel.frontend.views.auth import EntraIdAuthView, EntraOIDCAuthenticationCallbackView
 
 # isort: off
 from controlpanel.frontend.views.app import (

controlpanel/frontend/views/auth.py

@@ -9,6 +9,7 @@
 from django.http import HttpResponseRedirect, Http404
 from django.urls import reverse
 from django.views import View
+from mozilla_django_oidc.views import OIDCAuthenticationCallbackView
 
 # First-party/Local
 from controlpanel.oidc import OIDCLoginRequiredMixin, oauth
@@ -62,3 +63,17 @@ def update_user(self, token):
         email = token["userinfo"]["email"]
         self.request.user.justice_email = email
         self.request.user.save()
+
+
+class EntraOIDCAuthenticationCallbackView(OIDCAuthenticationCallbackView):
+    """
+    This view is used to redirect to the index page if the user has not
+    authenticated with their justice email.
+    """
+    def get(self, request):
+        response = super().get(request)
+
+        if self.user.justice_email is not None:
+            return response
+
+        return HttpResponseRedirect(reverse("index"))