Opened 12 years ago
Closed 12 years ago
#18467 closed Bug (fixed)
Login in from admin logout page should not logout again
Reported by: | Etienne Desautels | Owned by: | nobody |
---|---|---|---|
Component: | contrib.admin | Version: | 1.4 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | yes | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
Here's the scenario: a user work in the admin then log out (so he's now on the logout page) then quit the browser. Later he restart the browser, the browser reload his latest pages. The logout page show now the login form instead of the "Thanks" page. The user try to login and after logging in he's redirected to the logout page. That page log out the user.
I think the solution is, in the login method of AdminSite, to check if the redirection is set to the logout URL and change it to the home page. Something like this:
def login(self, request, extra_context=None): """ Displays the login form for the given HttpRequest. """ from django.contrib.auth.views import login full_path = request.get_full_path() if full_path.endswith(u'/logout/'): redirect = full_path[:-7] else: redirect = full_path context = { 'title': _('Log in'), 'app_path': full_path, REDIRECT_FIELD_NAME: redirect, } context.update(extra_context or {}) defaults = { 'extra_context': context, 'current_app': self.name, 'authentication_form': self.login_form or AdminAuthenticationForm, 'template_name': self.login_template or 'admin/login.html', } return login(request, **defaults)
Change History (5)
comment:1 by , 12 years ago
Triage Stage: | Unreviewed → Accepted |
---|
comment:2 by , 12 years ago
So you mean something like this:
def login(self, request, extra_context=None): """ Displays the login form for the given HttpRequest. """ from django.contrib.auth.views import login from django.core.urlresolvers import reverse full_path = request.get_full_path() if request.path == reverse('admin:logout'): redirect = reverse('admin:index') else: redirect = full_path context = { 'title': _('Log in'), 'app_path': full_path, REDIRECT_FIELD_NAME: redirect, } context.update(extra_context or {}) defaults = { 'extra_context': context, 'current_app': self.name, 'authentication_form': self.login_form or AdminAuthenticationForm, 'template_name': self.login_template or 'admin/login.html', } return login(request, **defaults)
comment:3 by , 12 years ago
Just a smal note: no need to import reverse() in the real code.
comment:4 by , 12 years ago
Has patch: | set |
---|---|
Needs tests: | set |
Yes that's right, that's what I meant :)
Accepted, although a named url should be used instead of the hardcoded '/logout/'.