Opened 9 years ago

Closed 8 years ago

Last modified 5 years ago

#5801 closed (fixed)

GET parameters are ignored in redirect when user requests URL with GET parameters which needs login

Reported by: erevilla@… Owned by: erny
Component: Contrib apps Version: 1.0-alpha
Severity: Keywords: autentication login redirect staff_member_required
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

How to reproduce the error:

  • as anonymous user, request a page with GET parameters that needs login, e.g. <site>/admin/?test=1
  • login page is displayed
  • provide valid credentials and confirm
  • now you are logged in, but redirected to the URL without GET parameters

Attachments (3)

decorators.py.patch (939 bytes) - added by erevilla@… 9 years ago.
Patch for contrib/admin/views/decorators.py to treat GET parameters in login-redirect cycle for pages which need login.
decorators.py.diff (1020 bytes) - added by erny 9 years ago.
File converted to patch rules in contrib page (.diff and relative to django root)
admin_login.patch (10.2 KB) - added by Rozza 8 years ago.
Full fix with tests

Download all attachments as: .zip

Change History (12)

Changed 9 years ago by erevilla@…

Attachment: decorators.py.patch added

Patch for contrib/admin/views/decorators.py to treat GET parameters in login-redirect cycle for pages which need login.

comment:1 Changed 9 years ago by erny

Owner: changed from nobody to erny

comment:2 Changed 9 years ago by erny

Status: newassigned

Changed 9 years ago by erny

Attachment: decorators.py.diff added

File converted to patch rules in contrib page (.diff and relative to django root)

comment:3 Changed 9 years ago by Jacob

Triage Stage: UnreviewedAccepted

comment:4 Changed 8 years ago by Rozza

On further investigation thanks to Russell Mailing list discussion I started writing tests to get the patch through triage.

I noticed that the behaviour was not the same between the decorator and going to admin direct - something totally missed in the original patch.

New patch incoming with tests :D

Changed 8 years ago by Rozza

Attachment: admin_login.patch added

Full fix with tests

comment:5 Changed 8 years ago by Julien Phalip

This looks like a duplicate of #5775

comment:6 Changed 8 years ago by Rozza

Julien - yes didn't see that ticket - yes is nearly a duplicate issue except the new patch handles all admin views not just the custom staff_member_required decorated views.

comment:7 Changed 8 years ago by simon

milestone: 1.0 beta
Version: SVN1.0-alpha

comment:8 Changed 8 years ago by Jacob

Resolution: fixed
Status: assignedclosed

(In [8271]) Fixed #5801: admin requests with GET args now get properly bounced through login with those args intact. Thanks for the patch, Rozza.

comment:9 Changed 5 years ago by Jacob

milestone: 1.0 beta

Milestone 1.0 beta deleted

Note: See TracTickets for help on using tickets.
Back to Top