Opened 5 years ago

Closed 5 years ago

#19265 closed Cleanup/optimization (wontfix)

deprecate redirect_to_login

Reported by: Preston Holmes Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Design decision needed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


redirect_to_login is documented as the only "helper" function in contrib.auth - but what it does is relatively useless.

By itself, it does nothing to ensure that the destination can only be reached by logged in users.

Presumably, if you want to only send someone to a url after logging in, you would just use @login_required on the destination, and let it handle the redirection.

This mildly implies that you are somehow limiting who gets to the redirected destination - which of course is not true.

This is as much about cleaning up the docs, as having it documented implies that it has some value, of which I'm pretty much missing.

Change History (2)

comment:1 Changed 5 years ago by Semion Sidorenko

Triage Stage: AcceptedDesign decision needed

Hi, redirect_to_login is actually used by @login_required, and you can actually find a case where it is used in a standalone way in contrib/flatpages/ :

 53     # If registration is required for accessing this page, and the user isn't
 54     # logged in, redirect to the login page.
 55     if f.registration_required and not request.user.is_authenticated():
 56         from django.contrib.auth.views import redirect_to_login
 57         return redirect_to_login(request.path)

comment:2 Changed 5 years ago by Aymeric Augustin

Resolution: wontfix
Status: newclosed

redirect_to_login is meant to be called from a view function, if you're implementing custom access control.

I agree that it isn't often useful, but it doesn't really hurt either, and I don't see much value in removing it without providing a replacement.

Note: See TracTickets for help on using tickets.
Back to Top