Code

#19265 closed Cleanup/optimization (wontfix)

deprecate redirect_to_login

Reported by: ptone Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Design decision needed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

redirect_to_login is documented as the only "helper" function in contrib.auth - but what it does is relatively useless.

By itself, it does nothing to ensure that the destination can only be reached by logged in users.

Presumably, if you want to only send someone to a url after logging in, you would just use @login_required on the destination, and let it handle the redirection.

This mildly implies that you are somehow limiting who gets to the redirected destination - which of course is not true.

This is as much about cleaning up the docs, as having it documented implies that it has some value, of which I'm pretty much missing.

Attachments (0)

Change History (2)

comment:1 Changed 20 months ago by ssidorenko

  • Triage Stage changed from Accepted to Design decision needed

Hi, redirect_to_login is actually used by @login_required, and you can actually find a case where it is used in a standalone way in contrib/flatpages/views.py :

 53     # If registration is required for accessing this page, and the user isn't
 54     # logged in, redirect to the login page.
 55     if f.registration_required and not request.user.is_authenticated():
 56         from django.contrib.auth.views import redirect_to_login
 57         return redirect_to_login(request.path)

comment:2 Changed 16 months ago by aaugustin

  • Resolution set to wontfix
  • Status changed from new to closed

redirect_to_login is meant to be called from a view function, if you're implementing custom access control.

I agree that it isn't often useful, but it doesn't really hurt either, and I don't see much value in removing it without providing a replacement.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.