Fixed #3185 -- Made values for login, logout and post-login redirect URLs

configurable. This is a combined patch from Vasily Sulatskov, Marc Fargas and
Collin Grady.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5072 bcc190cf-cafb-0310-a4f2-bffc1f526a37

django/conf/global_settings.py

@@ -312,6 +312,12 @@ BANNED_IPS = ()
 
 AUTHENTICATION_BACKENDS = ('django.contrib.auth.backends.ModelBackend',)
 
+LOGIN_URL = '/accounts/login/'
+
+LOGOUT_URL = '/accounts/logout/'
+
+LOGIN_REDIRECT_URL = '/accounts/profile/'
+
 ###########
 # TESTING #
 ###########

django/contrib/auth/__init__.py

@@ -2,7 +2,6 @@ from django.core.exceptions import ImproperlyConfigured
 
 SESSION_KEY = '_auth_user_id'
 BACKEND_SESSION_KEY = '_auth_user_backend'
-LOGIN_URL = '/accounts/login/'
 REDIRECT_FIELD_NAME = 'next'
 
 def load_backend(path):

django/contrib/auth/decorators.py

@@ -1,13 +1,16 @@
-from django.contrib.auth import LOGIN_URL, REDIRECT_FIELD_NAME
+from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.http import HttpResponseRedirect
 from urllib import quote
 
-def user_passes_test(test_func, login_url=LOGIN_URL):
+def user_passes_test(test_func, login_url=None):
     """
     Decorator for views that checks that the user passes the given test,
     redirecting to the log-in page if necessary. The test should be a callable
     that takes the user object and returns True if the user passes.
     """
+    if not login_url:
+        from django.conf import settings
+        login_url = settings.LOGIN_URL
     def _dec(view_func):
         def _checklogin(request, *args, **kwargs):
             if test_func(request.user):
@@ -27,7 +30,7 @@ login_required.__doc__ = (
     """
     )
 
-def permission_required(perm, login_url=LOGIN_URL):
+def permission_required(perm, login_url=None):
     """
     Decorator for views that checks whether a user has a particular permission
     enabled, redirecting to the log-in page if necessary.

django/contrib/auth/views.py

@@ -6,7 +6,7 @@ from django.template import RequestContext
 from django.contrib.sites.models import Site
 from django.http import HttpResponseRedirect
 from django.contrib.auth.decorators import login_required
-from django.contrib.auth import LOGIN_URL, REDIRECT_FIELD_NAME
+from django.contrib.auth import REDIRECT_FIELD_NAME
 
 def login(request, template_name='registration/login.html'):
     "Displays the login form and handles the login action."
@@ -17,7 +17,8 @@ def login(request, template_name='registration/login.html'):
         if not errors:
             # Light security check -- make sure redirect_to isn't garbage.
             if not redirect_to or '://' in redirect_to or ' ' in redirect_to:
-                redirect_to = '/accounts/profile/'
+                from django.conf import settings
+                redirect_to = settings.LOGIN_REDIRECT_URL
             from django.contrib.auth import login
             login(request, manipulator.get_user())
             request.session.delete_test_cookie()
@@ -41,12 +42,18 @@ def logout(request, next_page=None, template_name='registration/logged_out.html'
         # Redirect to this page until the session has been cleared.
         return HttpResponseRedirect(next_page or request.path)
 
-def logout_then_login(request, login_url=LOGIN_URL):
+def logout_then_login(request, login_url=None):
     "Logs out the user if he is logged in. Then redirects to the log-in page."
+    if not login_url:
+        from django.conf import settings
+        login_url = settings.LOGIN_URL
     return logout(request, login_url)
 
-def redirect_to_login(next, login_url=LOGIN_URL):
+def redirect_to_login(next, login_url=None):
     "Redirects the user to the login page, passing the given 'next' page"
+    if not login_url:
+        from django.conf import settings
+        login_url = settings.LOGIN_URL
     return HttpResponseRedirect('%s?%s=%s' % (login_url, REDIRECT_FIELD_NAME, next))
 
 def password_reset(request, is_admin_site=False, template_name='registration/password_reset_form.html',

django/contrib/comments/templates/comments/form.html

@@ -3,7 +3,7 @@
 <form {% if photos_optional or photos_required %}enctype="multipart/form-data" {% endif %}action="/comments/post/" method="post">
 
 {% if user.is_authenticated %}
-<p>{% trans "Username:" %} <strong>{{ user.username }}</strong> (<a href="/accounts/logout/">{% trans "Log out" %}</a>)</p>
+<p>{% trans "Username:" %} <strong>{{ user.username }}</strong> (<a href="{{ logout_url }}">{% trans "Log out" %}</a>)</p>
 {% else %}
 <p><label for="id_username">{% trans "Username:" %}</label> <input type="text" name="username" id="id_username" /><br />{% trans "Password:" %} <input type="password" name="password" id="id_password" /> (<a href="/accounts/password_reset/">{% trans "Forgotten your password?" %}</a>)</p>
 {% endif %}

django/contrib/comments/templatetags/comments.py

@@ -25,6 +25,7 @@ class CommentFormNode(template.Node):
         self.is_public = is_public
 
     def render(self, context):
+        from django.conf import settings
         from django.utils.text import normalize_newlines
         import base64
         context.push()
@@ -64,6 +65,7 @@ class CommentFormNode(template.Node):
             if self.rating_options:
                 context['rating_range'], context['rating_choices'] = Comment.objects.get_rating_options(self.rating_options)
             context['hash'] = Comment.objects.get_security_hash(context['options'], context['photo_options'], context['rating_options'], context['target'])
+            context['logout_url'] = settings.LOGOUT_URL
             default_form = loader.get_template(COMMENT_FORM)
         output = default_form.render(context)
         context.pop()