mirror of
https://github.com/django/django.git
synced 2024-12-25 10:35:48 +00:00
Fixed #159 -- Prevent the AdminSite
from logging users out when they try to log in form the logout page. Many thanks, ashchristopher.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17465 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
bd58612514
commit
03eeb020a0
8
django/contrib/admin/sites.py
Normal file → Executable file
8
django/contrib/admin/sites.py
Normal file → Executable file
@ -1,5 +1,5 @@
|
||||
from functools import update_wrapper
|
||||
from django import http
|
||||
from django.http import Http404, HttpResponseRedirect
|
||||
from django.contrib.admin import ModelAdmin, actions
|
||||
from django.contrib.admin.forms import AdminAuthenticationForm
|
||||
from django.contrib.auth import REDIRECT_FIELD_NAME
|
||||
@ -188,6 +188,10 @@ class AdminSite(object):
|
||||
"""
|
||||
def inner(request, *args, **kwargs):
|
||||
if not self.has_permission(request):
|
||||
if request.path == reverse('admin:logout',
|
||||
current_app=self.name):
|
||||
index_path = reverse('admin:index', current_app=self.name)
|
||||
return HttpResponseRedirect(index_path)
|
||||
return self.login(request)
|
||||
return view(request, *args, **kwargs)
|
||||
if not cacheable:
|
||||
@ -421,7 +425,7 @@ class AdminSite(object):
|
||||
'models': [model_dict],
|
||||
}
|
||||
if not app_dict:
|
||||
raise http.Http404('The requested admin page does not exist.')
|
||||
raise Http404('The requested admin page does not exist.')
|
||||
# Sort the models alphabetically within each app.
|
||||
app_dict['models'].sort(key=lambda x: x['name'])
|
||||
context = {
|
||||
|
28
tests/regressiontests/admin_views/tests.py
Normal file → Executable file
28
tests/regressiontests/admin_views/tests.py
Normal file → Executable file
@ -3385,3 +3385,31 @@ class AdminCustomSaveRelatedTests(TestCase):
|
||||
|
||||
self.assertEqual('Josh Stone', Parent.objects.latest('id').name)
|
||||
self.assertEqual([u'Catherine Stone', u'Paul Stone'], children_names)
|
||||
|
||||
|
||||
class AdminViewLogoutTest(TestCase):
|
||||
urls = "regressiontests.admin_views.urls"
|
||||
fixtures = ['admin-views-users.xml']
|
||||
|
||||
def setUp(self):
|
||||
self.client.login(username='super', password='secret')
|
||||
|
||||
def tearDown(self):
|
||||
self.client.logout()
|
||||
|
||||
def test_client_logout_url_can_be_used_to_login(self):
|
||||
response = self.client.get('/test_admin/admin/logout/')
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertEqual(response.template_name, 'registration/logged_out.html')
|
||||
self.assertEqual(response.request['PATH_INFO'], '/test_admin/admin/logout/')
|
||||
|
||||
# we are now logged out
|
||||
response = self.client.get('/test_admin/admin/logout/')
|
||||
self.assertEqual(response.status_code, 302) # we should be redirected to the login page.
|
||||
|
||||
# follow the redirect and test results.
|
||||
response = self.client.get('/test_admin/admin/logout/', follow=True)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertEqual(response.template_name, 'admin/login.html')
|
||||
self.assertEqual(response.request['PATH_INFO'], '/test_admin/admin/')
|
||||
self.assertContains(response, '<input type="hidden" name="next" value="/test_admin/admin/" />')
|
||||
|
Loading…
Reference in New Issue
Block a user