Opened 6 years ago

Closed 6 years ago

Last modified 3 years ago

#5801 closed (fixed)

GET parameters are ignored in redirect when user requests URL with GET parameters which needs login

Reported by: erevilla@…
Owned by: erny
Component: Contrib apps
Version: 1.0-alpha
Severity:
Keywords: autentication login redirect staff_member_required
Cc:
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings:
UI/UX:

Description

How to reproduce the error:

  • as an anonymous user, request a page with GET parameters that needs login, e.g. <site>/admin/?test=1
  • the login page is displayed
  • provide valid credentials and confirm
  • now you are logged in, but redirected to the URL without GET parameters
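
The round trip in these steps, as an added example that is not the ticket's patch or Django's code: it contrasts a redirect that keeps only the path, one that appends the query string unencoded, and one that percent-encodes the full target into a single `next` value. The `/login/` path, the `next` parameter name and all function names are assumptions made for illustration, and the site-local check on the decoded target is an added hardening step.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

LOGIN_URL = "/login/"  # assumed login path, not taken from the ticket


def login_redirect_lossy(path, query_string):
    """Behaviour the ticket reports: only the path survives the login bounce."""
    return f"{LOGIN_URL}?{urlencode({'next': path})}"


def login_redirect_unencoded(path, query_string):
    """Pitfall: the target's own '&' now splits the login URL's parameters."""
    return f"{LOGIN_URL}?next={path}?{query_string}"


def login_redirect_full(path, query_string):
    """Carry path and query string, percent-encoded as one 'next' value."""
    target = f"{path}?{query_string}" if query_string else path
    return f"{LOGIN_URL}?{urlencode({'next': target})}"


def post_login_target(login_url, default="/"):
    """Recover the post-login destination from the login URL's 'next' value."""
    values = parse_qs(urlsplit(login_url).query).get("next", [])
    if not values:
        return default
    target = values[0]
    parts = urlsplit(target)
    # Added hardening (assumption): follow only site-local paths, so a
    # crafted 'next' value cannot send the user to another host.
    if (parts.scheme or parts.netloc or not target.startswith("/")
            or target.startswith(("//", "/\\"))):
        return default
    return target


if __name__ == "__main__":
    # Constructed sample request: /admin/?test=1&page=2
    for build in (login_redirect_lossy, login_redirect_unencoded, login_redirect_full):
        url = build("/admin/", "test=1&page=2")
        print(f"{build.__name__:26} {url}  ->  {post_login_target(url)}")
```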

Attachments (3)

decorators.py.patch (939 bytes) - added by erevilla@… 6 years ago.
Patch for contrib/admin/views/decorators.py to treat GET parameters in login-redirect cycle for pages which need login.
decorators.py.diff (1020 bytes) - added by erny 6 years ago.
File converted to patch rules in contrib page (.diff and relative to django root)
admin_login.patch (10.2 KB) - added by Rozza 6 years ago.
Full fix with tests

Change History (12)

Changed 6 years ago by erevilla@…

Patch for contrib/admin/views/decorators.py to treat GET parameters in login-redirect cycle for pages which need login.

comment:1 Changed 6 years ago by erny

  • Needs documentation unset
  • Needs tests unset
  • Owner changed from nobody to erny
  • Patch needs improvement unset

comment:2 Changed 6 years ago by erny

  • Status changed from new to assigned

Changed 6 years ago by erny

File converted to patch rules in contrib page (.diff and relative to django root)

comment:3 Changed 6 years ago by jacob

  • Triage Stage changed from Unreviewed to Accepted

comment:4 Changed 6 years ago by Rozza

On further investigation, thanks to Russell's mailing list discussion, I started writing tests to get the patch through triage.

I noticed that the behaviour was not the same between the decorator and going to the admin directly - something totally missed in the original patch.

New patch incoming with tests :D

Changed 6 years ago by Rozza

Full fix with tests

comment:5 Changed 6 years ago by julien

This looks like a duplicate of #5775

comment:6 Changed 6 years ago by Rozza

Julien - yes, I didn't see that ticket. Yes, it is nearly a duplicate issue, except the new patch handles all admin views, not just the custom staff_member_required decorated views.

comment:7 Changed 6 years ago by simon

  • milestone set to 1.0 beta
  • Version changed from SVN to 1.0-alpha

comment:8 Changed 6 years ago by jacob

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [8271]) Fixed #5801: admin requests with GET args now get properly bounced through login with those args intact. Thanks for the patch, Rozza.

comment:9 Changed 3 years ago by jacob

  • milestone 1.0 beta deleted

Milestone 1.0 beta deleted
