Code

Opened 7 years ago

Closed 7 years ago

#3407 closed (fixed)

[patch] added 'default_next' parameter to django.core.auth.views.login

Reported by: imbaczek@… Owned by: nobody
Component: contrib.admin Version: master
Severity: Keywords: auth login next
Cc: treborhudson@… Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

just as in #377, having default next hardcoded doesn't feel good, pythonic, etc., but a simple hack has come to remedy that:

Index: views.py
===================================================================
--- views.py    (wersja 4454)
+++ views.py    (kopia robocza)
@@ -8,7 +8,7 @@
 from django.contrib.auth.decorators import login_required
 from django.contrib.auth import LOGIN_URL, REDIRECT_FIELD_NAME

-def login(request, template_name='registration/login.html'):
+def login(request, template_name='registration/login.html', default_next='/accounts/profile/'):
     "Displays the login form and handles the login action."
     manipulator = AuthenticationForm(request)
     redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, '')
@@ -17,7 +17,7 @@
         if not errors:
             # Light security check -- make sure redirect_to isn't garbage.
             if not redirect_to or '://' in redirect_to or ' ' in redirect_to:
-                redirect_to = '/accounts/profile/'
+                redirect_to = default_next
             from django.contrib.auth import login
             login(request, manipulator.get_user())
             request.session.delete_test_cookie()

I'm aware that it's not a generic view, but it doesn't make sense for so much to be hardcoded just for what seems purely naming reasons.

Attachments (1)

django_auth_views_login_provide_next.diff (1.0 KB) - added by imbaczek@… 7 years ago.
default_next login view parameter

Download all attachments as: .zip

Change History (5)

Changed 7 years ago by imbaczek@…

default_next login view parameter

comment:1 Changed 7 years ago by Rob Hudson <treborhudson@…>

  • Cc treborhudson@… added
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

A somewhat related bug #3372 about password_change defaulting to /accounts/profile/ because it's decorated with the login_required decorator.

I think having the LOGIN_URL variable be a global_settings.py variable that can be set in settings.py would solve both.

-Rob

comment:2 Changed 7 years ago by Rob Hudson <treborhudson@…>

Sorry, I read this as /accounts/profile/ not /accounts/login/. Disregard the previous comment about LOGIN_URL solving both bugs.

This bug can be dealt with by putting a default next in the login template, but I agree that this type of logic should be in the Python code, not the template.

comment:3 Changed 7 years ago by Simon G. <dev@…>

  • Component changed from Uncategorized to Admin interface
  • Owner changed from jacob to adrian
  • Triage Stage changed from Unreviewed to Accepted

comment:4 Changed 7 years ago by ubernostrum

  • Resolution set to fixed
  • Status changed from new to closed

This has apparently been fixed in a different fashion; the login view takes a redirect_field_name argument which looks at the URL to determine where to redirect, and falls back to settings.LOGIN_REDIRECT_URL as a default.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.