#849 closed defect (fixed)
login_required redirects to pages without parameters and so loses them
| Reported by: | hugo | Owned by: | Adrian Holovaty |
|---|---|---|---|
| Component: | Core (Other) | Version: | |
| Severity: | normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
This would allow accessing GET, POST or META stuff in the templates without the view function taking care of it. For example if using a login_required decorator, you could just put a <input type="hidden" name="next" value="{{ request.path }}" /> into the login.html template and have it automatically redirect to the secured form. Currently you need to pass the 'next' parameter to the form itself and use that to build the next field. And it's currently impossible to pass on request parameters to the logged in page.
Change History (8)
comment:1 by , 18 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 18 years ago
| priority: | normal → high |
|---|---|
| Type: | enhancement → defect |
comment:3 by , 18 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
I'm marking this as a wontfix, because we want to encourage developers to put logic in the views, not in templates.
Feel free to write your own Context subclass that puts the request in the template context.
comment:4 by , 18 years ago
| Resolution: | wontfix |
|---|---|
| Status: | closed → reopened |
| Summary: | DjangoContext should fill in the request itself into the context → login_required redirects to pages without parameters and so loses them |
Ok, agreed, if you don't want the request in the Context - but then you need to fix the problem with parameterized pages using login_required, that's why I open this again. Because currently if you have a parameterized page that uses login_required, the login will redirect back to the original page _without_ the parameters. And that's most definitely irritating. I'm changing the title to reflect that fact.
comment:5 by , 18 years ago
Hi there! Will this be fixed at all? It's pretty useful (at least to our project) to be able to preserve the parameters. Could it be a simple change to django/views/decorators/auth.py line 13 from "request.path" to "request.get_full_path()" (might need some encoding/escape, etc)?
comment:6 by , 18 years ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
comment:7 by , 18 years ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
An alternative - at least for my specific problem of redirecting from login to a page with parameters - would be to enhance the user_passes_test decorator to not only pass on request.path, but additionaly pass on parameters. But for that the HTTPRequest subclasses need to store the query string (environQUERY_STRING in wsgi.py and _req.args in modpython.py) somewhere you can access directly without knowing what handler is used.
Since this actually breaks login_required for GET-parameterized pages, I change it from enhancement to defect and up the priority - this will most surely byte newbies when they have parameterized pages (like for example bookmarklets often are).