id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
25032	When /admin/login/ is accessed directly, there is 302 /admin/login/ after POST, and only then 302 /admin/	Jan Pazdziora	nobody	"While investigating the behaviour for https://code.djangoproject.com/ticket/25030 in more detail, I've noticed that when I access (unauthenticated, via GET) /admin/login/ directly, the access_log shows

{{{
GET /admin/login/ HTTP/1.1"" 200 1716
POST /admin/login/ HTTP/1.1"" 302 - 
GET /admin/login/ HTTP/1.1"" 302 - 
GET /admin/ HTTP/1.1"" 200 2826
}}}

The result of the form submission (the POST) is redirect to /admin/login/ again. It seems to be caused by

{{{
        if (REDIRECT_FIELD_NAME not in request.GET and
                REDIRECT_FIELD_NAME not in request.POST):
            context[REDIRECT_FIELD_NAME] = request.get_full_path()
}}}

When REDIRECT_FIELD_NAME is missing, why is the redirect going to /admin/login/ again? Wouldn't /admin/ be a better target?

Of course, the

{{{
        if request.method == 'GET' and self.has_permission(request):
            # Already logged-in, redirect to admin index
            index_path = reverse('admin:index', current_app=self.name)
            return HttpResponseRedirect(index_path)
}}}

will eventually throw it back to /admin/.

This might seem like nitpicking but figuring out correct intended behaviour seems essential when I'm attempting to make changes to it to better support external authentication."	Cleanup/optimization	closed	contrib.admin	dev	Normal	fixed			Accepted	1	0	0	0	0	0