Opened 3 years ago

Closed 2 years ago

#18467 closed Bug (fixed)

Login in from admin logout page should not logout again

Reported by: etienned Owned by: nobody
Component: contrib.admin Version: 1.4
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: yes Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Here's the scenario: a user work in the admin then log out (so he's now on the logout page) then quit the browser. Later he restart the browser, the browser reload his latest pages. The logout page show now the login form instead of the "Thanks" page. The user try to login and after logging in he's redirected to the logout page. That page log out the user.

I think the solution is, in the login method of AdminSite, to check if the redirection is set to the logout URL and change it to the home page. Something like this:

def login(self, request, extra_context=None):
        """
        Displays the login form for the given HttpRequest.
        """
        from django.contrib.auth.views import login
        full_path = request.get_full_path()
        if full_path.endswith(u'/logout/'):
            redirect = full_path[:-7]
        else:
            redirect = full_path
        context = {
            'title': _('Log in'),
            'app_path': full_path,
            REDIRECT_FIELD_NAME: redirect,
        }
        context.update(extra_context or {})
        defaults = {
            'extra_context': context,
            'current_app': self.name,
            'authentication_form': self.login_form or AdminAuthenticationForm,
            'template_name': self.login_template or 'admin/login.html',
        }
        return login(request, **defaults)

Change History (5)

comment:1 Changed 3 years ago by julien

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

Accepted, although a named url should be used instead of the hardcoded '/logout/'.

comment:2 Changed 3 years ago by etienned

So you mean something like this:

def login(self, request, extra_context=None):
        """
        Displays the login form for the given HttpRequest.
        """
        from django.contrib.auth.views import login
        from django.core.urlresolvers import reverse

        full_path = request.get_full_path()
        if request.path == reverse('admin:logout'):
            redirect = reverse('admin:index')
        else:
            redirect = full_path
        context = {
            'title': _('Log in'),
            'app_path': full_path,
            REDIRECT_FIELD_NAME: redirect,
        }
        context.update(extra_context or {})
        defaults = {
            'extra_context': context,
            'current_app': self.name,
            'authentication_form': self.login_form or AdminAuthenticationForm,
            'template_name': self.login_template or 'admin/login.html',
        }
        return login(request, **defaults)

comment:3 Changed 3 years ago by etienned

Just a small note: no need to import reverse() in the real code.

Last edited 3 years ago by etienned (previous) (diff)

comment:4 Changed 3 years ago by julien

  • Has patch set
  • Needs tests set

Yes that's right, that's what I meant :)

comment:5 Changed 2 years ago by Architekt

  • Resolution set to fixed
  • Status changed from new to closed

Duplicate of #159

Note: See TracTickets for help on using tickets.
Back to Top