Opened 4 years ago

Closed 3 years ago

Last modified 3 years ago

#14405 closed (wontfix)

problem in login view

Reported by: bayazee
Owned by: nobody
Component: contrib.auth
Version: 1.2
Severity:
Keywords: login
Cc:
Triage Stage: Unreviewed
Has patch: yes
Needs documentation: no
Needs tests: yes
Patch needs improvement: no
Easy pickings:
UI/UX:

Description

If we use the Django default auth views, after logging in to the website we can reopen the login page and see the empty form.

I think the login view (django.contrib.auth.views.login) must redirect to another page if the user is already logged in.

Attachments (4)

patch-14405.diff (2.1 KB) - added by christandiono 4 years ago.
patch
patch-14405.2.diff (1.6 KB) - added by christandiono 4 years ago.
Actually I like this patch a little better.
patch-14405.3.diff (1.8 KB) - added by bayazee 4 years ago.
patch-14405.4.diff (1.7 KB) - added by christandiono 4 years ago.


Change History (15)

comment:1 follow-up: Changed 4 years ago by christandiono

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

What's your settings.LOGIN_REDIRECT_URL? The default login view should redirect you automatically...

comment:2 in reply to: ↑ 1 Changed 4 years ago by bayazee

Replying to christandiono:

What's your settings.LOGIN_REDIRECT_URL? The default login view should redirect you automatically...

Yes, it works. But what happens if some user uses the login URL, or we have some links to the login page?
In this situation we can see the empty login page again!!
And I think this is a bug.

Changed 4 years ago by christandiono

patch

comment:3 Changed 4 years ago by christandiono

Hmm, so it does. This patch would seem to fix it...

Changed 4 years ago by christandiono

Actually I like this patch a little better.

comment:4 Changed 4 years ago by anonymous

  • Has patch set
  • Needs tests set

Changed 4 years ago by bayazee

comment:5 Changed 4 years ago by bayazee

But I think we must redirect the user to the redirect_to variable before any check or processing of POST data.
Redirecting to redirect_to after processing POST data may have a security issue!
So I attach a new patch that I think is better to fix this ticket.

comment:6 Changed 4 years ago by christandiono

Ah, that's true. A few exclusive ORs might have helped, maybe. I figured the second patch might reduce server load a bit.

Changed 4 years ago by christandiono

comment:7 Changed 4 years ago by bayazee

Huum. But I think exclusive ORs are not a good idea here.
If you trace the possible states, you see that if a user is already authenticated more than one IF will be run, and if a user is not authenticated we run some IFs with exclusive ORs where in some cases the 2nd part will be executed too.
So I think using one IF check is not bad and is inevitable.

comment:8 Changed 4 years ago by christandiono

I'm not sure what you're saying. What, exactly, is the problem with using more than one IF statement? Due to short circuit evaluation no code will be evaluated that doesn't need to be, unless someone decides to try something funny and POSTs as an authenticated user or something else weird.

comment:9 Changed 4 years ago by bayazee

Huum.
Yes, I rechecked your code and I think it's better.
:D ;)

comment:10 Changed 3 years ago by rasca

  • Resolution set to wontfix
  • Status changed from new to closed

I'll mark this as wontfix, because it would be a backwards incompatible change.

Feel free to bring this up on django-dev if you believe otherwise.

comment:11 Changed 3 years ago by jacob

  • milestone 1.3 deleted

Milestone 1.3 deleted
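
A framework-free sketch of the ordering discussed in comments 5 to 8, where the authenticated check runs before any POST handling. This is an added example, not the attached patches and not Django's code. The names `login_decision` and `safe_redirect_target`, the `next` parameter and the fallback URL are assumptions, and the same-host validation of the redirect target goes beyond what the thread states.

```python
from urllib.parse import urlsplit

# Assumed fallback, standing in for settings.LOGIN_REDIRECT_URL.
LOGIN_REDIRECT_URL = "/accounts/profile/"


def safe_redirect_target(redirect_to, host):
    """Return redirect_to only if it stays on `host`; otherwise the fallback."""
    if not redirect_to or any(ord(c) < 33 for c in redirect_to):
        return LOGIN_REDIRECT_URL  # empty, or has whitespace/control characters
    try:
        # Browsers treat "\" like "/", so normalise before parsing.
        parts = urlsplit(redirect_to.replace("\\", "/"))
    except ValueError:
        return LOGIN_REDIRECT_URL  # unparseable, e.g. a broken IPv6 literal
    if parts.scheme and parts.scheme not in ("http", "https"):
        return LOGIN_REDIRECT_URL  # non-web schemes such as javascript:
    if parts.scheme and not parts.netloc:
        return LOGIN_REDIRECT_URL  # "https:///host" style, no real authority
    if parts.netloc and parts.netloc != host:
        return LOGIN_REDIRECT_URL  # absolute or scheme-relative URL elsewhere
    return redirect_to


def login_decision(is_authenticated, method, params, host):
    """Decide what a login view does with one request.

    Returns ("redirect", url), ("process_post", url) or ("show_form", url).
    """
    target = safe_redirect_target(params.get("next"), host)
    if is_authenticated:
        # Checked first: an authenticated request never reaches POST handling.
        return ("redirect", target)
    if method == "POST":
        # Caller validates credentials, then redirects to the vetted target.
        return ("process_post", target)
    return ("show_form", target)


if __name__ == "__main__":
    # Constructed sample requests against the host "testserver".
    print(login_decision(True, "GET", {"next": "/dashboard/"}, "testserver"))
    print(login_decision(True, "POST", {"next": "//other.example/"}, "testserver"))
    print(login_decision(False, "GET", {}, "testserver"))
```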
