Opened 16 years ago

Closed 16 years ago

Last modified 12 years ago

#5801 closed (fixed)

GET parameters are ignored in redirect when user requests URL with GET parameters which needs login

Reported by: erevilla@… Owned by: erny
Component: Contrib apps Version: 1.0-alpha
Severity: Keywords: autentication login redirect staff_member_required
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

How to reproduce the error:

  • as anonymous user, request a page with GET parameters that needs login, e.g. <site>/admin/?test=1
  • login page is displayed
  • provide valid credentials and confirm
  • now you are logged in, but redirected to the URL without GET parameters

Attachments (3)

decorators.py.patch (939 bytes ) - added by erevilla@… 16 years ago.
Patch for contrib/admin/views/decorators.py to treat GET parameters in login-redirect cycle for pages which need login.
decorators.py.diff (1020 bytes ) - added by erny 16 years ago.
File converted to patch rules in contrib page (.diff and relative to django root)
admin_login.patch (10.2 KB ) - added by Rozza 16 years ago.
Full fix with tests

Download all attachments as: .zip

Change History (12)

by erevilla@…, 16 years ago

Attachment: decorators.py.patch added

Patch for contrib/admin/views/decorators.py to treat GET parameters in login-redirect cycle for pages which need login.

comment:1 by erny, 16 years ago

Owner: changed from nobody to erny

comment:2 by erny, 16 years ago

Status: newassigned

by erny, 16 years ago

Attachment: decorators.py.diff added

File converted to patch rules in contrib page (.diff and relative to django root)

comment:3 by Jacob, 16 years ago

Triage Stage: UnreviewedAccepted

comment:4 by Rozza, 16 years ago

On further investigation thanks to Russell Mailing list discussion I started writing tests to get the patch through triage.

I noticed that the behaviour was not the same between the decorator and going to admin direct - something totally missed in the original patch.

New patch incoming with tests :D

by Rozza, 16 years ago

Attachment: admin_login.patch added

Full fix with tests

comment:5 by Julien Phalip, 16 years ago

This looks like a duplicate of #5775

comment:6 by Rozza, 16 years ago

Julien - yes didn't see that ticket - yes is nearly a duplicate issue except the new patch handles all admin views not just the custom staff_member_required decorated views.

comment:7 by simon, 16 years ago

milestone: 1.0 beta
Version: SVN1.0-alpha

comment:8 by Jacob, 16 years ago

Resolution: fixed
Status: assignedclosed

(In [8271]) Fixed #5801: admin requests with GET args now get properly bounced through login with those args intact. Thanks for the patch, Rozza.

comment:9 by Jacob, 12 years ago

milestone: 1.0 beta

Milestone 1.0 beta deleted

Note: See TracTickets for help on using tickets.
Back to Top