Opened 17 years ago

Closed 17 years ago

#3407 closed (fixed)

[patch] added 'default_next' parameter to django.core.auth.views.login

Reported by: imbaczek@… Owned by: nobody
Component: contrib.admin Version: dev
Severity: Keywords: auth login next
Cc: treborhudson@… Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

just as in #377, having default next hardcoded doesn't feel good, pythonic, etc., but a simple hack has come to remedy that:

Index: views.py
===================================================================
--- views.py    (wersja 4454)
+++ views.py    (kopia robocza)
@@ -8,7 +8,7 @@
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth import LOGIN_URL, REDIRECT_FIELD_NAME

-def login(request, template_name='registration/login.html'):
+def login(request, template_name='registration/login.html', default_next='/accounts/profile/'):
     "Displays the login form and handles the login action."
     manipulator = AuthenticationForm(request)
     redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
@@ -17,7 +17,7 @@
         if not errors:
             # Light security check -- make sure redirect_to isn't garbage.
             if not redirect_to or '://' in redirect_to or ' ' in redirect_to:
-                redirect_to = '/accounts/profile/'
+                redirect_to = default_next
             from django.contrib.auth import login
             login(request, manipulator.get_user())
             request.session.delete_test_cookie()

I'm aware that it's not a generic view, but it doesn't make sense for so much to be hardcoded just for what seems purely naming reasons.

Attachments (1)

django_auth_views_login_provide_next.diff (1.0 KB ) - added by imbaczek@… 17 years ago.
default_next login view parameter

Download all attachments as: .zip

Change History (5)

by imbaczek@…, 17 years ago

default_next login view parameter

comment:1 by Rob Hudson <treborhudson@…>, 17 years ago

Cc: treborhudson@… added

A somewhat related bug #3372 about password_change defaulting to /accounts/profile/ because it's decorated with the login_required decorator.

I think having the LOGIN_URL variable be a global_settings.py variable that can be set in settings.py would solve both.

-Rob

comment:2 by Rob Hudson <treborhudson@…>, 17 years ago

Sorry, I read this as /accounts/profile/ not /accounts/login/. Disregard the previous comment about LOGIN_URL solving both bugs.

This bug can be dealt with by putting a default next in the login template, but I agree that this type of logic should be in the Python code, not the template.

comment:3 by Simon G. <dev@…>, 17 years ago

Component: UncategorizedAdmin interface
Owner: changed from Jacob to Adrian Holovaty
Triage Stage: UnreviewedAccepted

comment:4 by James Bennett, 17 years ago

Resolution: fixed
Status: newclosed

This has apparently been fixed in a different fashion; the login view takes a redirect_field_name argument which looks at the URL to determine where to redirect, and falls back to settings.LOGIN_REDIRECT_URL as a default.

Note: See TracTickets for help on using tickets.
Back to Top