Ticket #15198: 15198-3.diff

File 15198-3.diff, 3.2 KB (added by claudep, 3 years ago)

Remove cookie test in login view

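diff --git a/django/contrib/admin/forms.py b/django/contrib/admin/forms.py
index f1e7076..70e55f8 100644
--- a/django/contrib/admin/forms.py
+++ b/django/contrib/admin/forms.py
@@ -29,5 +29,4 @@ class AdminAuthenticationForm(AuthenticationForm):
                 raise forms.ValidationError(message)
             elif not self.user_cache.is_active or not self.user_cache.is_staff:
                 raise forms.ValidationError(message)
-        self.check_for_test_cookie()
         return self.cleaned_data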
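diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
index b44bc8b..e14119c 100644
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -150,17 +150,14 @@ class AuthenticationForm(forms.Form):
     error_messages = {
         'invalid_login': _("Please enter a correct username and password. "
                            "Note that both fields are case-sensitive."),
-        'no_cookies': _("Your Web browser doesn't appear to have cookies "
-                        "enabled. Cookies are required for logging in."),
         'inactive': _("This account is inactive."),
     }
 
     def __init__(self, request=None, *args, **kwargs):
         """
-        If request is passed in, the form will validate that cookies are
-        enabled. Note that the request (a HttpRequest object) must have set a
-        cookie with the key TEST_COOKIE_NAME and value TEST_COOKIE_VALUE before
-        running this validation.
+        The 'request' parameter was historically set to test for cookie
+        support (now obsoleted by csrf checks). It has been kept for potential
+        subclasses usage.
         """
         self.request = request
         self.user_cache = None
@@ -183,12 +180,11 @@ class AuthenticationForm(forms.Form):
                     self.error_messages['invalid_login'])
             elif not self.user_cache.is_active:
                 raise forms.ValidationError(self.error_messages['inactive'])
-        self.check_for_test_cookie()
         return self.cleaned_data
 
     def check_for_test_cookie(self):
-        if self.request and not self.request.session.test_cookie_worked():
-            raise forms.ValidationError(self.error_messages['no_cookies'])
+        warnings.warn("check_for_test_cookie is deprecated; but don't forget to "
+            "CRSF-protect your login view.", PendingDeprecationWarning)
 
     def get_user_id(self):
         if self.user_cache: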
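Review bot: The deprecation warning added in `check_for_test_cookie` misspells CSRF as "CRSF" and is raised without a `stacklevel`, so it will be attributed to django/contrib/auth/forms.py rather than to the subclass or view that still calls the method. I would write it as `warnings.warn("check_for_test_cookie is deprecated; make sure your login view is CSRF-protected.", PendingDeprecationWarning, stacklevel=2)`. Neither hunk shows the top of the file, so confirm that `warnings` is imported there. Since the form no longer validates anything tied to the request, the new `__init__` docstring should also say plainly that rejecting cross-site login submissions is now entirely the view's responsibility.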
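diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index 2562a63..1dc204d 100644
--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -35,7 +35,7 @@ def login(request, template_name='registration/login.html',
     redirect_to = request.REQUEST.get(redirect_field_name, '')
 
     if request.method == "POST":
-        form = authentication_form(data=request.POST)
+        form = authentication_form(request, data=request.POST)
         if form.is_valid():
             # Use default setting if redirect_to is empty
             if not redirect_to:
@@ -58,8 +58,6 @@ def login(request, template_name='registration/login.html',
     else:
         form = authentication_form(request)
 
-    request.session.set_test_cookie()
-
     current_site = get_current_site(request)
 
     context = {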
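Review bot: With `request.session.set_test_cookie()` removed and the form no longer validating the test cookie, the CSRF check on `login` becomes the only guard against a cross-site POST that signs a visitor into an account they did not choose, and neither hunk shows that the view is decorated for it (the decorators and the `def` line sit above line 35, outside the hunks). I would add a comment above the POST branch such as `# No cookie test any more: this view must stay wrapped in csrf_protect.` and confirm the decorator is actually present. Projects that wrap this view or supply their own `authentication_form` inherit the same requirement, so it deserves a line in the release notes as well.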