Failed logins are recorded as HTTP 200 instead of HTTP 403
|Reported by:||Mark Litwintschik||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Attempting to login to the Django admin with an incorrect username and password combination logs the event as an
[10/Mar/2015 10:24:06] "POST /admin/login/?next=/admin/ HTTP/1.0" 200 2074
I would expect that it would be recorded as a 403.
django.contrib.admin.forms.AdminAuthenticationForm raises a
forms.ValidationError if the login is invalid but there is nothing out of the box that will record the response as HTTP 403.