fix(headless): Login while already logged in to return 409

ChangeLog.rst

@@ -1,7 +1,8 @@
 64.1.0 (unreleased)
 *******************
 
-- ...
+- Headless: When trying to login while a user is already logged in, you now get
+  a 409.
 
 
 64.0.0 (2024-07-31)

allauth/headless/account/tests/test_login.py

@@ -171,3 +171,18 @@ def test_login_rate_limit(
         )
         expected_status = 429 if attempt else 200
         assert resp.status_code == expected_status
+
+
+def test_login_already_logged_in(
+    auth_client, user, user_password, settings, headless_reverse
+):
+    settings.ACCOUNT_AUTHENTICATION_METHOD = "email"
+    resp = auth_client.post(
+        headless_reverse("headless:account:login"),
+        data={
+            "email": user.email,
+            "password": user_password,
+        },
+        content_type="application/json",
+    )
+    assert resp.status_code == 409

allauth/headless/account/views.py

@@ -74,6 +74,8 @@ class LoginView(APIView):
     input_class = LoginInput
 
     def post(self, request, *args, **kwargs):
+        if request.user.is_authenticated:
+            return ConflictResponse(request)
         credentials = self.input.cleaned_data
         user = get_account_adapter().authenticate(self.request, **credentials)
         if user:

docs/headless/openapi-specification/openapi.yaml

@@ -125,6 +125,13 @@ paths:
                   $ref: "#/components/examples/UnauthenticatedPendingEmailVerification"
                 pending_2fa:
                   $ref: "#/components/examples/UnauthenticatedPending2FA"
+        "409":
+          description: |
+            Conflict. For example, when logging in when a user is already logged in.
+          content:
+            application/json:
+              schema:
+                $ref: "#/components/schemas/ConflictResponse"
   /_allauth/{client}/v1/auth/signup:
     post:
       tags: