Changeset 8877 for django/branches/0.91-bugfixes
- Timestamp:
- 09/02/08 16:10:00 (3 months ago)
django/branches/0.91-bugfixes/django/contrib/admin/templates/admin/login.html
r1068 r8877 18 18 <label for="id_password">{% trans 'Password:' %}</label> <input type="password" name="password" id="id_password" /> 19 19 <input type="hidden" name="this_is_the_login_form" value="1" /> 20 <input type="hidden" name="post_data" value="{{ post_data }}" />{% comment %} <span class="help">{% trans 'Have you <a href="/password_reset/">forgotten your password</a>?' %}</span>{% endcomment %}21 20 </p> 22 21 django/branches/0.91-bugfixes/django/contrib/admin/views/decorators.py
r7529 r8877 5 5 from django.utils.html import escape 6 6 from django.utils.translation import gettext_lazy 7 import base64, datetime, md5 8 import cPickle as pickle 7 import base64, datetime 9 8 10 9 ERROR_MESSAGE = gettext_lazy("Please enter a correct username and password. Note that both fields are case-sensitive.") … … 13 12 def _display_login_form(request, error_message=''): 14 13 request.session.set_test_cookie() 15 if request.POST and request.POST.has_key('post_data'):16 # User has failed login BUT has previously saved post data.17 post_data = request.POST['post_data']18 elif request.POST:19 # User's session must have expired; save their post data.20 post_data = _encode_post_data(request.POST)21 else:22 post_data = _encode_post_data({})23 14 return render_to_response('admin/login', { 24 15 'title': _('Log in'), 25 16 'app_path': escape(request.path), 26 'post_data': post_data,27 17 'error_message': error_message 28 18 }, context_instance=DjangoContext(request)) 29 30 def _encode_post_data(post_data):31 pickled = pickle.dumps(post_data)32 pickled_md5 = md5.new(pickled + SECRET_KEY).hexdigest()33 return base64.encodestring(pickled + pickled_md5)34 35 def _decode_post_data(encoded_data):36 encoded_data = base64.decodestring(encoded_data)37 pickled, tamper_check = encoded_data[:-32], encoded_data[-32:]38 if md5.new(pickled + SECRET_KEY).hexdigest() != tamper_check:39 from django.core.exceptions import SuspiciousOperation40 raise SuspiciousOperation, "User may have tampered with session cookie."41 return pickle.loads(pickled)42 19 43 20 def staff_member_required(view_func): … … 49 26 if not request.user.is_anonymous() and request.user.is_staff: 50 27 # The user is valid. Continue to the admin page. 
51 if request.POST.has_key('post_data'):52 # User must have re-authenticated through a different window53 # or tab.54 request.POST = _decode_post_data(request.POST['post_data'])55 28 return view_func(request, *args, **kwargs) 56 29 … … 60 33 if not request.POST.has_key(LOGIN_FORM_KEY): 61 34 if request.POST: 62 message = _("Please log in again, because your session has expired. Don't worry: Your submission has been saved.")35 message = _("Please log in again, because your session has expired.") 63 36 else: 64 37 message = "" … … 92 65 user.last_login = datetime.datetime.now() 93 66 user.save() 94 if request.POST.has_key('post_data'): 95 post_data = _decode_post_data(request.POST['post_data']) 96 if post_data and not post_data.has_key(LOGIN_FORM_KEY): 97 # overwrite request.POST with the saved post_data, and continue 98 request.POST = post_data 99 request.user = user 100 return view_func(request, *args, **kwargs) 101 else: 102 request.session.delete_test_cookie() 103 return httpwrappers.HttpResponseRedirect(request.path) 67 return httpwrappers.HttpResponseRedirect(request.path) 104 68 else: 105 69 return _display_login_form(request, ERROR_MESSAGE)
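Review bot: The successful-login path at new line 67 now returns `httpwrappers.HttpResponseRedirect(request.path)` without first calling `request.session.delete_test_cookie()`, which the removed else-branch did; unless the test cookie is cleared somewhere outside these hunks, it now stays in the session after login. Restoring the one line before the redirect, `request.session.delete_test_cookie()`, keeps the old cleanup. Separately, new line 7 `import base64, datetime` still imports `base64`, whose only visible users (`_encode_post_data` and `_decode_post_data`) are deleted in this change; if nothing elsewhere in the file uses it, trim the line to `import datetime`. Dropping the pickle round-trip of client-supplied `post_data` is the substantive fix here, so it is worth confirming that no other template or view still emits or consumes a `post_data` field. The inner function these lines belong to starts in the elided region, so its signature is outside the hunk.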
