Opened 12 years ago

Closed 12 years ago

#18467 closed Bug (fixed)

Login in from admin logout page should not logout again

Reported by: Etienne Desautels Owned by: nobody
Component: contrib.admin Version: 1.4
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: yes Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Here's the scenario: a user work in the admin then log out (so he's now on the logout page) then quit the browser. Later he restart the browser, the browser reload his latest pages. The logout page show now the login form instead of the "Thanks" page. The user try to login and after logging in he's redirected to the logout page. That page log out the user.

I think the solution is, in the login method of AdminSite, to check if the redirection is set to the logout URL and change it to the home page. Something like this:

def login(self, request, extra_context=None):
        """
        Displays the login form for the given HttpRequest.
        """
        from django.contrib.auth.views import login
        full_path = request.get_full_path()
        if full_path.endswith(u'/logout/'):
            redirect = full_path[:-7]
        else:
            redirect = full_path
        context = {
            'title': _('Log in'),
            'app_path': full_path,
            REDIRECT_FIELD_NAME: redirect,
        }
        context.update(extra_context or {})
        defaults = {
            'extra_context': context,
            'current_app': self.name,
            'authentication_form': self.login_form or AdminAuthenticationForm,
            'template_name': self.login_template or 'admin/login.html',
        }
        return login(request, **defaults)

Change History (5)

comment:1 by Julien Phalip, 12 years ago

Triage Stage: UnreviewedAccepted

Accepted, although a named url should be used instead of the hardcoded '/logout/'.

comment:2 by Etienne Desautels, 12 years ago

So you mean something like this:

def login(self, request, extra_context=None):
        """
        Displays the login form for the given HttpRequest.
        """
        from django.contrib.auth.views import login
        from django.core.urlresolvers import reverse

        full_path = request.get_full_path()
        if request.path == reverse('admin:logout'):
            redirect = reverse('admin:index')
        else:
            redirect = full_path
        context = {
            'title': _('Log in'),
            'app_path': full_path,
            REDIRECT_FIELD_NAME: redirect,
        }
        context.update(extra_context or {})
        defaults = {
            'extra_context': context,
            'current_app': self.name,
            'authentication_form': self.login_form or AdminAuthenticationForm,
            'template_name': self.login_template or 'admin/login.html',
        }
        return login(request, **defaults)

comment:3 by Etienne Desautels, 12 years ago

Just a small note: no need to import reverse() in the real code.

Last edited 12 years ago by Etienne Desautels (previous) (diff)

comment:4 by Julien Phalip, 12 years ago

Has patch: set
Needs tests: set

Yes that's right, that's what I meant :)

comment:5 by Jan Bednařík, 12 years ago

Resolution: fixed
Status: newclosed

Duplicate of #159

Note: See TracTickets for help on using tickets.
Back to Top