Django

Code

Ticket #849 (closed: fixed)

Opened 3 years ago

Last modified 2 years ago

login_required redirects to pages without parameters and so loses them

Reported by: hugo Assigned to: adrian
Milestone: Component: Core framework
Version: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: 0 Needs documentation: 0
Needs tests: 0 Patch needs improvement: 0

Description (Last modified by hugo)

This would allow accessing GET, POST or META stuff in the templates without the view function taking care of it. For example if using a login_required decorator, you could just put a <input type="hidden" name="next" value="{{ request.path }}" /> into the login.html template and have it automatically redirect to the secured form. Currently you need to pass the 'next' parameter to the form itself and use that to build the next field. And it's currently impossible to pass on request parameters to the logged in page.

Attachments

Change History

11/20/05 04:17:08 changed by hugo

  • description changed.

11/20/05 04:26:02 changed by hugo

  • priority changed from normal to high.
  • type changed from enhancement to defect.

An alternative - at least for my specific problem of redirecting from login to a page with parameters - would be to enhance the user_passes_test decorator to not only pass on request.path, but additionaly pass on parameters. But for that the HTTPRequest subclasses need to store the query string (environQUERY_STRING? in wsgi.py and _req.args in modpython.py) somewhere you can access directly without knowing what handler is used.

Since this actually breaks login_required for GET-parameterized pages, I change it from enhancement to defect and up the priority - this will most surely byte newbies when they have parameterized pages (like for example bookmarklets often are).

11/20/05 10:19:03 changed by adrian

  • status changed from new to closed.
  • resolution set to wontfix.

I'm marking this as a wontfix, because we want to encourage developers to put logic in the views, not in templates.

Feel free to write your own Context subclass that puts the request in the template context.

11/20/05 13:30:33 changed by hugo

  • status changed from closed to reopened.
  • resolution deleted.
  • summary changed from DjangoContext should fill in the request itself into the context to login_required redirects to pages without parameters and so loses them.

Ok, agreed, if you don't want the request in the Context - but then you need to fix the problem with parameterized pages using login_required, that's why I open this again. Because currently if you have a parameterized page that uses login_required, the login will redirect back to the original page _without_ the parameters. And that's most definitely irritating. I'm changing the title to reflect that fact.

03/13/06 02:58:35 changed by feiyu.xie@gmail.com

Hi there! Will this be fixed at all? It's pretty useful (at least to our project) to be able to preserve the parameters. Could it be a simple change to django/views/decorators/auth.py line 13 from "request.path" to "request.get_full_path()" (might need some encoding/escape, etc)?

05/13/06 00:19:54 changed by anonymous

  • status changed from reopened to closed.
  • resolution set to fixed.

05/13/06 00:20:08 changed by anonymous

  • status changed from closed to reopened.
  • resolution deleted.

05/21/06 21:47:18 changed by adrian

  • status changed from reopened to closed.
  • resolution set to fixed.

Fixed in [2954].

Add/Change #849 (login_required redirects to pages without parameters and so loses them)




Change Properties
Action