Ticket #5999: nfa-expired-session-5999.patch

File nfa-expired-session-5999.patch, 2.4 KB (added by Michael Newman, 11 years ago)

New patch with tests, applied against r7609

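--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@@ -113,9 +113,13 @@
             return self.logout(request)
 
         if not self.has_permission(request):
-            return self.login(request)
-
-
+            response = self.login(request)
+            if response:
+                # make sure that there is a response before returning
+                # this addresses any post data that might persist from
+                # expired sessions and continue through (#5999)
+                return response
+               
         if url == '':
             return self.index(request)
         elif url == 'password_change':
@@ -245,7 +249,7 @@
                         # overwrite request.POST with the saved post_data, and continue
                         request.POST = post_data
                         request.user = user
-                        return view_func(request, *args, **kwargs)
+                        return
                     else:
                         request.session.delete_test_cookie()
                         return http.HttpResponseRedirect(request.path)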
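Review bot: In `root`, the fall-through after `response = self.login(request)` treats any falsy return from `login()` as permission to continue to URL dispatch, and `has_permission` is never evaluated again for the user that `login()` has just assigned to `request.user`. The only visible path that returns nothing is the bare `return` in the second hunk, but `login()` is mostly outside this diff, and any other branch that ends without a response would skip the admin permission gate. I would make the contract explicit and fail closed: test `if response is not None:` and repeat the gate before dispatch with `if not self.has_permission(request): return http.HttpResponseForbidden()`. The replayed `request.POST` is rebuilt from a `post_data` field submitted with the login form, so confirm that the decoding step (not shown here) rejects tampered values before the view sees them.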
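--- a/tests/regressiontests/admin_views/tests.py
+++ b/tests/regressiontests/admin_views/tests.py
@@ -145,6 +145,16 @@
         self.failUnlessEqual(Article.objects.all().count(), 3)
         self.client.get('/test_admin/admin/logout/')
        
+        # Check and make sure that if user expires, data still persists
+        post = self.client.post('/test_admin/admin/admin_views/article/add/', add_dict)
+        self.assertContains(post, 'Please log in again, because your session has expired.')
+        self.super_login['post_data'] = _encode_post_data(add_dict)
+        post = self.client.post('/test_admin/admin/admin_views/article/add/', self.super_login)
+        self.assertRedirects(post, '/test_admin/admin/admin_views/article/')
+        self.failUnlessEqual(Article.objects.all().count(), 4)
+        self.client.get('/test_admin/admin/logout/')
+       
+       
     def testChangeView(self):
         """Change view should restrict access and allow users to edit items."""
        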
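Review bot: The added assertions cover only the successful replay, so nothing pins the security-relevant side: that the saved POST is not applied when the re-login fails or when the user who logs in lacks add permission. A negative case would submit the same `post_data` with wrong credentials and assert that `Article.objects.all().count()` is still 3. Separately, `self.super_login['post_data'] = _encode_post_data(add_dict)` mutates the login dict in place; `super_login` is defined outside the hunk, but if it is reused later, those logins would replay the article POST, so a copy such as `login = dict(self.super_login, post_data=_encode_post_data(add_dict))` is safer. The enclosing test method starts above the hunk.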