Code

Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#6083 closed (fixed)

contrib.auth still uses oldforms

Reported by: telenieko Owned by: brosner
Component: Contrib apps Version: master
Severity: Keywords: auth forms newforms oldforms
Cc: roppert Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: UI/UX:

Description

Could not find a ticket stating it so here it is.
the title says it all :)

Attachments (7)

auth-uses-newforms.diff (20.5 KB) - added by cogat 6 years ago.
auth-uses-newforms-2.diff (20.6 KB) - added by dstndstn@… 6 years ago.
includes a one-liner update for delete_test_cookie() problem
auth-uses-newforms-3.diff (20.0 KB) - added by Michael Newman <newmaniese@…> 6 years ago.
Fixed reference to comments.auth.py and added fix to admin.templates.admin.auth.user.change_password.html for new forms and slight change to the way contrib.auth.forms.AdminPasswordChangeForm cleans the form, and changed auth.views.py to use AdminPasswordChangeForm instead of the now nonexistent old form way
03-newforms-auth.diff (18.6 KB) - added by Petr Marhoun <petr.marhoun@…> 6 years ago.
auth-uses-oldforms-3.diff (22.6 KB) - added by Michael Newman <newmaniese@…> 6 years ago.
fixes a few issues and changes the user add view into newforms
6083_nfa_newforms_auth.diff (21.7 KB) - added by brosner 6 years ago.
patch against newforms-admin.
6083_newforms_auth2.diff (33.5 KB) - added by brosner 6 years ago.
more complete with tests and docs. looking for feedback.

Download all attachments as: .zip

Change History (22)

comment:1 Changed 6 years ago by Simon G <dev@…>

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

comment:2 Changed 6 years ago by Greg Turner <greg@…>

  • Owner changed from nobody to anonymous
  • Status changed from new to assigned

comment:3 Changed 6 years ago by cogat

  • Owner changed from anonymous to cogat
  • Status changed from assigned to new

comment:4 Changed 6 years ago by cogat

  • Has patch set
  • Keywords auth forms newforms oldforms added
  • Needs documentation set
  • Needs tests set

I've made the changes to contrib.auth (my first Django patch!). The oldforms are used in contrib.admin and contrib.comments, and I have patched these too. Contrib.admin now uses the newforms in authentication forms. contrib.comments subclasses the oldform AuthenticationForm, and has heavy reliance on validators so I made a copy of AuthenticationForm and put it in comments.py.

I'll update the documentation if the approach seems sound. Shall I also update the newforms branch?

Changed 6 years ago by cogat

comment:5 Changed 6 years ago by brosner

Marked #6318 as duplicate. It has a patch as well so perhaps they needed to be merged unless they really accomplished the same exact thing with little differences.

comment:6 Changed 6 years ago by dstndstn@…

I encountered the following error when using Django's test framework fake web client (django.test.client.Client):

----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/gmaps/test/tilecache/an/portal/test_login.py", line 72, in testLoginWorks
    resp = self.client.post(self.loginurl, { 'username': self.u1, 'password': self.p1 })
  File "/home/gmaps/django-test//lib/python2.4/site-packages/django/test/client.py", line 238, in post
    return self.request(**r)
  File "/home/gmaps/django-test//lib/python2.4/site-packages/django/core/handlers/base.py", line 82, in get_response
    response = callback(request, *callback_args, **callback_kwargs)
  File "/home/gmaps/django-test//lib/python2.4/site-packages/django/contrib/auth/views.py", line 23, in login
    request.session.delete_test_cookie()
  File "/home/gmaps/django-test//lib/python2.4/site-packages/django/contrib/sessions/backends/base.py", line 69, in delete_test_cookie
    del self[self.TEST_COOKIE_NAME]
  File "/home/gmaps/django-test//lib/python2.4/site-packages/django/contrib/sessions/backends/base.py", line 38, in __delitem__
    del self._session[key]
KeyError: 'testcookie'

----------------------------------------------------------------------

And this was happening because I was just POSTing to the login form with the "username" and "password" values without setting the test cookie. Then sessions.delete_test_cookie() tries to delete the cookie regardless of whether it exists or not (this seems like a bug to me...), and instead of getting an error message or anything, it just crashes. I added a one-liner fix:

--- views.py-old        2008-01-18 00:08:10.000000000 +0000
+++ views.py    2008-01-18 00:08:19.000000000 +0000
@@ -20,7 +20,8 @@
                 redirect_to = settings.LOGIN_REDIRECT_URL
             from django.contrib.auth import login
             login(request, form.get_user())
-            request.session.delete_test_cookie()
+            if request.session.test_cookie_worked():
+                request.session.delete_test_cookie()
             return HttpResponseRedirect(redirect_to)
     else:
         form = AuthenticationForm(request=request)

The updated patch I will attach contains this tweak and is against a more recent SVN rev so the patch applies cleanly.

Changed 6 years ago by dstndstn@…

includes a one-liner update for delete_test_cookie() problem

Changed 6 years ago by Michael Newman <newmaniese@…>

Fixed reference to comments.auth.py and added fix to admin.templates.admin.auth.user.change_password.html for new forms and slight change to the way contrib.auth.forms.AdminPasswordChangeForm cleans the form, and changed auth.views.py to use AdminPasswordChangeForm instead of the now nonexistent old form way

comment:7 Changed 6 years ago by roppert

  • Cc roppert added

Changed 6 years ago by Petr Marhoun <petr.marhoun@…>

comment:8 Changed 6 years ago by Petr Marhoun <petr.marhoun@…>

I tried another approach for this problem - not to remove oldforms versions, but to add newforms version only. I think it is not necessary to force everybody to port authorization code at once.

Another idea is to port "post data" logins (without redirections, with saving of post data) from oldforms-admin and newforms-admin to auth - so newforms-admin wouldn't need any authorization code. New parameter extra_context (#5298) is necessary for it - newforms-admin needs more context variables.

I am not sure that this patch works fully - I have checked only some forms. (It should be part of bigger series of tickets which is not ready.) I mean my patch mainly as a comment now. (I read about this ticket today on django-developers.)

Changed 6 years ago by Michael Newman <newmaniese@…>

fixes a few issues and changes the user add view into newforms

comment:9 Changed 6 years ago by Michael Newman <newmaniese@…>

  • Patch needs improvement set

This new patch does not have an import of django.contrib.auth.admin in it, because while using auth multiple calls need to be made to models, auth (init), forms, etc. I never received a design decision from https://groups.google.com/group/django-developers/browse_thread/thread/ba8b115b74d6e502 . I would like to take Petr's patch to Django Devs as well, it is my opinion that as new forms merges into the trunk switches need to be made to all of admin and, in all reality, the switch of Auth would be relatively automatic.

Changed 6 years ago by brosner

patch against newforms-admin.

comment:10 Changed 6 years ago by brosner

  • Owner changed from cogat to brosner

I have added a patch against newforms-admin. I will eventually be committing the final patch there. My patch current breaks comments since it had dependancy on the oldforms AuthenticationForm. I will be looking more into whether just moving the oldforms version over will be correct way.

comment:11 Changed 6 years ago by brosner

  • Status changed from new to assigned

comment:12 Changed 6 years ago by brosner

Development of this patch can be found at http://github.com/brosner/django/tree/newforms_auth

Changed 6 years ago by brosner

more complete with tests and docs. looking for feedback.

comment:13 Changed 6 years ago by brosner

  • Needs documentation unset
  • Needs tests unset

I have attached a more complete version of the patch. I have moved some files in django.contrib.auth.tests to make it easier for other parts of the app.

comment:14 Changed 6 years ago by brosner

  • Resolution set to fixed
  • Status changed from assigned to closed

(In [7191]) newforms-admin: Fixed #6083 -- Updated django.contrib.auth to use newforms. A big thanks to Greg Turner, Michael Newman and Petr Marhoun.

comment:15 Changed 6 years ago by gwilson

(In [7525]) newforms-admin: Cleaned up imports, refs #6083.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.