Code

#18467 closed Bug (fixed)

Login in from admin logout page should not logout again

Reported by: etienned Owned by: nobody
Component: contrib.admin Version: 1.4
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: yes Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Here's the scenario: a user work in the admin then log out (so he's now on the logout page) then quit the browser. Later he restart the browser, the browser reload his latest pages. The logout page show now the login form instead of the "Thanks" page. The user try to login and after logging in he's redirected to the logout page. That page log out the user.

I think the solution is, in the login method of AdminSite, to check if the redirection is set to the logout URL and change it to the home page. Something like this:

def login(self, request, extra_context=None):
        """
        Displays the login form for the given HttpRequest.
        """
        from django.contrib.auth.views import login
        full_path = request.get_full_path()
        if full_path.endswith(u'/logout/'):
            redirect = full_path[:-7]
        else:
            redirect = full_path
        context = {
            'title': _('Log in'),
            'app_path': full_path,
            REDIRECT_FIELD_NAME: redirect,
        }
        context.update(extra_context or {})
        defaults = {
            'extra_context': context,
            'current_app': self.name,
            'authentication_form': self.login_form or AdminAuthenticationForm,
            'template_name': self.login_template or 'admin/login.html',
        }
        return login(request, **defaults)

Attachments (0)

Change History (5)

comment:1 Changed 22 months ago by julien

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

Accepted, although a named url should be used instead of the hardcoded '/logout/'.

comment:2 Changed 22 months ago by etienned

So you mean something like this:

def login(self, request, extra_context=None):
        """
        Displays the login form for the given HttpRequest.
        """
        from django.contrib.auth.views import login
        from django.core.urlresolvers import reverse

        full_path = request.get_full_path()
        if request.path == reverse('admin:logout'):
            redirect = reverse('admin:index')
        else:
            redirect = full_path
        context = {
            'title': _('Log in'),
            'app_path': full_path,
            REDIRECT_FIELD_NAME: redirect,
        }
        context.update(extra_context or {})
        defaults = {
            'extra_context': context,
            'current_app': self.name,
            'authentication_form': self.login_form or AdminAuthenticationForm,
            'template_name': self.login_template or 'admin/login.html',
        }
        return login(request, **defaults)

comment:3 Changed 22 months ago by etienned

Just a small note: no need to import reverse() in the real code.

Last edited 22 months ago by etienned (previous) (diff)

comment:4 Changed 22 months ago by julien

  • Has patch set
  • Needs tests set

Yes that's right, that's what I meant :)

comment:5 Changed 18 months ago by Architekt

  • Resolution set to fixed
  • Status changed from new to closed

Duplicate of #159

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.