Context Navigation

← Previous Ticket
Next Ticket →

#18467 closed Bug (fixed)

Login in from admin logout page should not logout again

Reported by:	Etienne Desautels	Owned by:	nobody
Component:	contrib.admin	Version:	1.4
Severity:	Normal	Keywords:
Cc:		Triage Stage:	Accepted
Has patch:	yes	Needs documentation:	no
Needs tests:	yes	Patch needs improvement:	no
Easy pickings:	no	UI/UX:	no

Description

Here's the scenario: a user work in the admin then log out (so he's now on the logout page) then quit the browser. Later he restart the browser, the browser reload his latest pages. The logout page show now the login form instead of the "Thanks" page. The user try to login and after logging in he's redirected to the logout page. That page log out the user.

I think the solution is, in the login method of AdminSite, to check if the redirection is set to the logout URL and change it to the home page. Something like this:

def login(self, request, extra_context=None):
        """
        Displays the login form for the given HttpRequest.
        """
        from django.contrib.auth.views import login
        full_path = request.get_full_path()
        if full_path.endswith(u'/logout/'):
            redirect = full_path[:-7]
        else:
            redirect = full_path
        context = {
            'title': _('Log in'),
            'app_path': full_path,
            REDIRECT_FIELD_NAME: redirect,
        }
        context.update(extra_context or {})
        defaults = {
            'extra_context': context,
            'current_app': self.name,
            'authentication_form': self.login_form or AdminAuthenticationForm,
            'template_name': self.login_template or 'admin/login.html',
        }
        return login(request, **defaults)

Change History (5)

comment:1 Changed 11 years ago by Julien Phalip

Triage Stage:	Unreviewed → Accepted

Accepted, although a named url should be used instead of the hardcoded '/logout/'.

comment:2 Changed 11 years ago by Etienne Desautels

So you mean something like this:

def login(self, request, extra_context=None):
        """
        Displays the login form for the given HttpRequest.
        """
        from django.contrib.auth.views import login
        from django.core.urlresolvers import reverse

        full_path = request.get_full_path()
        if request.path == reverse('admin:logout'):
            redirect = reverse('admin:index')
        else:
            redirect = full_path
        context = {
            'title': _('Log in'),
            'app_path': full_path,
            REDIRECT_FIELD_NAME: redirect,
        }
        context.update(extra_context or {})
        defaults = {
            'extra_context': context,
            'current_app': self.name,
            'authentication_form': self.login_form or AdminAuthenticationForm,
            'template_name': self.login_template or 'admin/login.html',
        }
        return login(request, **defaults)

comment:3 Changed 11 years ago by Etienne Desautels

Just a small note: no need to import reverse() in the real code.

Last edited 11 years ago by Etienne Desautels (previous) (diff)

comment:4 Changed 11 years ago by Julien Phalip

Has patch:	set
Needs tests:	set

Yes that's right, that's what I meant :)

comment:5 Changed 11 years ago by Jan Bednařík

Resolution:	→ fixed
Status:	new → closed

Duplicate of #159

Note: See TracTickets for help on using tickets.

Download in other formats:

Issues