Ticket #7776: 7776-delete-cookie.diff
| File 7776-delete-cookie.diff, 2.3 KB (added by , 16 years ago) |
|---|
-
django/contrib/admin/sites.py
254 254 user.save() 255 255 if request.POST.has_key('post_data'): 256 256 post_data = _decode_post_data(request.POST['post_data']) 257 request.session.delete_test_cookie() 257 258 if post_data and not post_data.has_key(LOGIN_FORM_KEY): 258 259 # overwrite request.POST with the saved post_data, and continue 259 260 request.POST = post_data 260 261 request.user = user 261 262 return self.root(request, request.path.split(self.root_path)[-1]) 262 263 else: 263 request.session.delete_test_cookie()264 264 return http.HttpResponseRedirect(request.path) 265 265 else: 266 266 return self.display_login_form(request, ERROR_MESSAGE) -
tests/regressiontests/admin_views/tests.py
158 158 # Change User should not have access to add articles 159 159 self.client.get('/test_admin/admin/') 160 160 self.client.post('/test_admin/admin/', self.changeuser_login) 161 # make sure the view removes test cookie 162 self.failUnlessEqual(self.client.session.test_cookie_worked(), False) 161 163 request = self.client.get('/test_admin/admin/admin_views/article/add/') 162 164 self.failUnlessEqual(request.status_code, 403) 163 165 # Try POST just to make sure … … 187 189 self.assertContains(post, 'Please log in again, because your session has expired.') 188 190 self.super_login['post_data'] = _encode_post_data(add_dict) 189 191 post = self.client.post('/test_admin/admin/admin_views/article/add/', self.super_login) 192 # make sure the view removes test cookie 193 self.failUnlessEqual(self.client.session.test_cookie_worked(), False) 190 194 self.assertRedirects(post, '/test_admin/admin/admin_views/article/') 191 195 self.failUnlessEqual(Article.objects.all().count(), 4) 192 196 self.client.get('/test_admin/admin/logout/')