Removed the this_is_the_login_form hack

Refs #21911. Now that we have a more traditional login form, we don't need any more a special field telling us we are dealing with the login form.
2025-10-24 06:06:09 +00:00 · 2014-02-02 23:16:07 +01:00
parent be0ad62994
commit 343dfff133
5 changed files with 22 additions and 42 deletions
--- a/django/contrib/admin/forms.py
+++ b/django/contrib/admin/forms.py
@@ -4,30 +4,23 @@ from django import forms

 from django.contrib.auth import authenticate
 from django.contrib.auth.forms import AuthenticationForm
-from django.utils.translation import ugettext_lazy
-
-ERROR_MESSAGE = ugettext_lazy("Please enter the correct %(username)s and password "
-        "for a staff account. Note that both fields may be case-sensitive.")
+from django.utils.translation import ugettext_lazy as _


 class AdminAuthenticationForm(AuthenticationForm):
    """
    A custom authentication form used in the admin app.
-
    """
-    this_is_the_login_form = forms.BooleanField(widget=forms.HiddenInput, initial=1,
-        error_messages={'required': ugettext_lazy("Please log in again, because your session has expired.")})
+    error_messages = {
+        'invalid_login': _("Please enter the correct %(username)s and password "
+                           "for a staff account. Note that both fields may be "
+                           "case-sensitive."),
+    }

-    def clean(self):
-        username = self.cleaned_data.get('username')
-        password = self.cleaned_data.get('password')
-        message = ERROR_MESSAGE
-        params = {'username': self.username_field.verbose_name}
-
-        if username and password:
-            self.user_cache = authenticate(username=username, password=password)
-            if self.user_cache is None:
-                raise forms.ValidationError(message, code='invalid', params=params)
-            elif not self.user_cache.is_active or not self.user_cache.is_staff:
-                raise forms.ValidationError(message, code='invalid', params=params)
-        return self.cleaned_data
+    def confirm_login_allowed(self, user):
+        if not user.is_active or not user.is_staff:
+            raise forms.ValidationError(
+                self.error_messages['invalid_login'],
+                code='invalid_login',
+                params={'username': self.username_field.verbose_name}
+            )
--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@@ -15,8 +15,6 @@ from django.utils.translation import ugettext_lazy, ugettext as _
 from django.views.decorators.cache import never_cache
 from django.conf import settings

-LOGIN_FORM_KEY = 'this_is_the_login_form'
-

 class AlreadyRegistered(Exception):
    pass
@@ -193,8 +191,6 @@ class AdminSite(object):
        cacheable=True.
        """
        def inner(request, *args, **kwargs):
-            if LOGIN_FORM_KEY in request.POST and request.user.is_authenticated():
-                auth_logout(request)
            if not self.has_permission(request):
                if request.path == reverse('admin:logout', current_app=self.name):
                    index_path = reverse('admin:index', current_app=self.name)
--- a/django/contrib/admin/templates/admin/login.html
+++ b/django/contrib/admin/templates/admin/login.html
@@ -12,14 +12,14 @@
 {% block breadcrumbs %}{% endblock %}

 {% block content %}
-{% if form.errors and not form.non_field_errors and not form.this_is_the_login_form.errors %}
+{% if form.errors and not form.non_field_errors %}
 <p class="errornote">
 {% if form.errors.items|length == 1 %}{% trans "Please correct the error below." %}{% else %}{% trans "Please correct the errors below." %}{% endif %}
 </p>
 {% endif %}

-{% if form.non_field_errors or form.this_is_the_login_form.errors %}
-{% for error in form.non_field_errors|add:form.this_is_the_login_form.errors %}
+{% if form.non_field_errors %}
+{% for error in form.non_field_errors %}
 <p class="errornote">
    {{ error }}
 </p>
@@ -29,13 +29,12 @@
 <div id="content-main">
 <form action="{{ app_path }}" method="post" id="login-form">{% csrf_token %}
  <div class="form-row">
-    {% if not form.this_is_the_login_form.errors %}{{ form.username.errors }}{% endif %}
+    {{ form.username.errors }}
    <label for="id_username" class="required">{{ form.username.label }}:</label> {{ form.username }}
  </div>
  <div class="form-row">
-    {% if not form.this_is_the_login_form.errors %}{{ form.password.errors }}{% endif %}
+    {{ form.password.errors }}
    <label for="id_password" class="required">{% trans 'Password:' %}</label> {{ form.password }}
-    <input type="hidden" name="this_is_the_login_form" value="1" />
    <input type="hidden" name="next" value="{{ next }}" />
  </div>
  {% url 'admin_password_reset' as password_reset_url %}