mirror of
https://github.com/django/django.git
synced 2025-10-23 21:59:11 +00:00
Fixed #15552 -- LOGIN_URL and LOGIN_REDIRECT_URL can take URLpattern names.
Thanks UloPe and Eric Florenzano for the patch, and Malcolm Tredinnick for review.
This commit is contained in:
@@ -8,6 +8,7 @@ from django.contrib.auth import REDIRECT_FIELD_NAME
|
|||||||
from django.core.exceptions import PermissionDenied
|
from django.core.exceptions import PermissionDenied
|
||||||
from django.utils.decorators import available_attrs
|
from django.utils.decorators import available_attrs
|
||||||
from django.utils.encoding import force_str
|
from django.utils.encoding import force_str
|
||||||
|
from django.shortcuts import resolve_url
|
||||||
|
|
||||||
|
|
||||||
def user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
|
def user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIELD_NAME):
|
||||||
@@ -23,11 +24,10 @@ def user_passes_test(test_func, login_url=None, redirect_field_name=REDIRECT_FIE
|
|||||||
if test_func(request.user):
|
if test_func(request.user):
|
||||||
return view_func(request, *args, **kwargs)
|
return view_func(request, *args, **kwargs)
|
||||||
path = request.build_absolute_uri()
|
path = request.build_absolute_uri()
|
||||||
# urlparse chokes on lazy objects in Python 3
|
resolved_login_url = resolve_url(login_url or settings.LOGIN_URL)
|
||||||
login_url_as_str = force_str(login_url or settings.LOGIN_URL)
|
|
||||||
# If the login url is the same scheme and net location then just
|
# If the login url is the same scheme and net location then just
|
||||||
# use the path as the "next" url.
|
# use the path as the "next" url.
|
||||||
login_scheme, login_netloc = urlparse(login_url_as_str)[:2]
|
login_scheme, login_netloc = urlparse(resolved_login_url)[:2]
|
||||||
current_scheme, current_netloc = urlparse(path)[:2]
|
current_scheme, current_netloc = urlparse(path)[:2]
|
||||||
if ((not login_scheme or login_scheme == current_scheme) and
|
if ((not login_scheme or login_scheme == current_scheme) and
|
||||||
(not login_netloc or login_netloc == current_netloc)):
|
(not login_netloc or login_netloc == current_netloc)):
|
||||||
|
@@ -25,7 +25,7 @@ class LoginRequiredTestCase(AuthViewsTestCase):
|
|||||||
pass
|
pass
|
||||||
login_required(normal_view)
|
login_required(normal_view)
|
||||||
|
|
||||||
def testLoginRequired(self, view_url='/login_required/', login_url=settings.LOGIN_URL):
|
def testLoginRequired(self, view_url='/login_required/', login_url='/login/'):
|
||||||
"""
|
"""
|
||||||
Check that login_required works on a simple view wrapped in a
|
Check that login_required works on a simple view wrapped in a
|
||||||
login_required decorator.
|
login_required decorator.
|
||||||
|
@@ -7,9 +7,9 @@ from django.conf import settings
|
|||||||
from django.core.urlresolvers import reverse
|
from django.core.urlresolvers import reverse
|
||||||
from django.http import HttpResponseRedirect, QueryDict
|
from django.http import HttpResponseRedirect, QueryDict
|
||||||
from django.template.response import TemplateResponse
|
from django.template.response import TemplateResponse
|
||||||
from django.utils.encoding import force_str
|
|
||||||
from django.utils.http import base36_to_int
|
from django.utils.http import base36_to_int
|
||||||
from django.utils.translation import ugettext as _
|
from django.utils.translation import ugettext as _
|
||||||
|
from django.shortcuts import resolve_url
|
||||||
from django.views.decorators.debug import sensitive_post_parameters
|
from django.views.decorators.debug import sensitive_post_parameters
|
||||||
from django.views.decorators.cache import never_cache
|
from django.views.decorators.cache import never_cache
|
||||||
from django.views.decorators.csrf import csrf_protect
|
from django.views.decorators.csrf import csrf_protect
|
||||||
@@ -38,16 +38,16 @@ def login(request, template_name='registration/login.html',
|
|||||||
if request.method == "POST":
|
if request.method == "POST":
|
||||||
form = authentication_form(data=request.POST)
|
form = authentication_form(data=request.POST)
|
||||||
if form.is_valid():
|
if form.is_valid():
|
||||||
netloc = urlparse(redirect_to)[1]
|
|
||||||
|
|
||||||
# Use default setting if redirect_to is empty
|
# Use default setting if redirect_to is empty
|
||||||
if not redirect_to:
|
if not redirect_to:
|
||||||
redirect_to = settings.LOGIN_REDIRECT_URL
|
redirect_to = settings.LOGIN_REDIRECT_URL
|
||||||
|
redirect_to = resolve_url(redirect_to)
|
||||||
|
|
||||||
|
netloc = urlparse(redirect_to)[1]
|
||||||
# Heavier security check -- don't allow redirection to a different
|
# Heavier security check -- don't allow redirection to a different
|
||||||
# host.
|
# host.
|
||||||
elif netloc and netloc != request.get_host():
|
if netloc and netloc != request.get_host():
|
||||||
redirect_to = settings.LOGIN_REDIRECT_URL
|
redirect_to = resolve_url(settings.LOGIN_REDIRECT_URL)
|
||||||
|
|
||||||
# Okay, security checks complete. Log the user in.
|
# Okay, security checks complete. Log the user in.
|
||||||
auth_login(request, form.get_user())
|
auth_login(request, form.get_user())
|
||||||
@@ -110,6 +110,7 @@ def logout_then_login(request, login_url=None, current_app=None, extra_context=N
|
|||||||
"""
|
"""
|
||||||
if not login_url:
|
if not login_url:
|
||||||
login_url = settings.LOGIN_URL
|
login_url = settings.LOGIN_URL
|
||||||
|
login_url = resolve_url(login_url)
|
||||||
return logout(request, login_url, current_app=current_app, extra_context=extra_context)
|
return logout(request, login_url, current_app=current_app, extra_context=extra_context)
|
||||||
|
|
||||||
def redirect_to_login(next, login_url=None,
|
def redirect_to_login(next, login_url=None,
|
||||||
@@ -117,10 +118,9 @@ def redirect_to_login(next, login_url=None,
|
|||||||
"""
|
"""
|
||||||
Redirects the user to the login page, passing the given 'next' page
|
Redirects the user to the login page, passing the given 'next' page
|
||||||
"""
|
"""
|
||||||
# urlparse chokes on lazy objects in Python 3
|
resolved_url = resolve_url(login_url or settings.LOGIN_URL)
|
||||||
login_url_as_str = force_str(login_url or settings.LOGIN_URL)
|
|
||||||
|
|
||||||
login_url_parts = list(urlparse(login_url_as_str))
|
login_url_parts = list(urlparse(resolved_url))
|
||||||
if redirect_field_name:
|
if redirect_field_name:
|
||||||
querystring = QueryDict(login_url_parts[4], mutable=True)
|
querystring = QueryDict(login_url_parts[4], mutable=True)
|
||||||
querystring[redirect_field_name] = next
|
querystring[redirect_field_name] = next
|
||||||
@@ -229,7 +229,7 @@ def password_reset_complete(request,
|
|||||||
template_name='registration/password_reset_complete.html',
|
template_name='registration/password_reset_complete.html',
|
||||||
current_app=None, extra_context=None):
|
current_app=None, extra_context=None):
|
||||||
context = {
|
context = {
|
||||||
'login_url': settings.LOGIN_URL
|
'login_url': resolve_url(settings.LOGIN_URL)
|
||||||
}
|
}
|
||||||
if extra_context is not None:
|
if extra_context is not None:
|
||||||
context.update(extra_context)
|
context.update(extra_context)
|
||||||
|
@@ -66,23 +66,7 @@ def redirect(to, *args, **kwargs):
|
|||||||
else:
|
else:
|
||||||
redirect_class = HttpResponseRedirect
|
redirect_class = HttpResponseRedirect
|
||||||
|
|
||||||
# If it's a model, use get_absolute_url()
|
return redirect_class(resolve_url(to, *args, **kwargs))
|
||||||
if hasattr(to, 'get_absolute_url'):
|
|
||||||
return redirect_class(to.get_absolute_url())
|
|
||||||
|
|
||||||
# Next try a reverse URL resolution.
|
|
||||||
try:
|
|
||||||
return redirect_class(urlresolvers.reverse(to, args=args, kwargs=kwargs))
|
|
||||||
except urlresolvers.NoReverseMatch:
|
|
||||||
# If this is a callable, re-raise.
|
|
||||||
if callable(to):
|
|
||||||
raise
|
|
||||||
# If this doesn't "feel" like a URL, re-raise.
|
|
||||||
if '/' not in to and '.' not in to:
|
|
||||||
raise
|
|
||||||
|
|
||||||
# Finally, fall back and assume it's a URL
|
|
||||||
return redirect_class(to)
|
|
||||||
|
|
||||||
def _get_queryset(klass):
|
def _get_queryset(klass):
|
||||||
"""
|
"""
|
||||||
@@ -128,3 +112,34 @@ def get_list_or_404(klass, *args, **kwargs):
|
|||||||
raise Http404('No %s matches the given query.' % queryset.model._meta.object_name)
|
raise Http404('No %s matches the given query.' % queryset.model._meta.object_name)
|
||||||
return obj_list
|
return obj_list
|
||||||
|
|
||||||
|
def resolve_url(to, *args, **kwargs):
|
||||||
|
"""
|
||||||
|
Return a URL appropriate for the arguments passed.
|
||||||
|
|
||||||
|
The arguments could be:
|
||||||
|
|
||||||
|
* A model: the model's `get_absolute_url()` function will be called.
|
||||||
|
|
||||||
|
* A view name, possibly with arguments: `urlresolvers.reverse()` will
|
||||||
|
be used to reverse-resolve the name.
|
||||||
|
|
||||||
|
* A URL, which will be returned as-is.
|
||||||
|
|
||||||
|
"""
|
||||||
|
# If it's a model, use get_absolute_url()
|
||||||
|
if hasattr(to, 'get_absolute_url'):
|
||||||
|
return to.get_absolute_url()
|
||||||
|
|
||||||
|
# Next try a reverse URL resolution.
|
||||||
|
try:
|
||||||
|
return urlresolvers.reverse(to, args=args, kwargs=kwargs)
|
||||||
|
except urlresolvers.NoReverseMatch:
|
||||||
|
# If this is a callable, re-raise.
|
||||||
|
if callable(to):
|
||||||
|
raise
|
||||||
|
# If this doesn't "feel" like a URL, re-raise.
|
||||||
|
if '/' not in to and '.' not in to:
|
||||||
|
raise
|
||||||
|
|
||||||
|
# Finally, fall back and assume it's a URL
|
||||||
|
return to
|
||||||
|
@@ -1304,25 +1304,13 @@ The URL where requests are redirected after login when the
|
|||||||
This is used by the :func:`~django.contrib.auth.decorators.login_required`
|
This is used by the :func:`~django.contrib.auth.decorators.login_required`
|
||||||
decorator, for example.
|
decorator, for example.
|
||||||
|
|
||||||
.. _`note on LOGIN_REDIRECT_URL setting`:
|
.. versionchanged:: 1.5
|
||||||
|
|
||||||
.. note::
|
This setting now also accepts view function names and
|
||||||
You can use :func:`~django.core.urlresolvers.reverse_lazy` to reference
|
:ref:`named URL patterns <naming-url-patterns>` which can be used to reduce
|
||||||
URLs by their name instead of providing a hardcoded value. Assuming a
|
configuration duplication since you no longer have to define the URL in two
|
||||||
``urls.py`` with an URLpattern named ``home``::
|
places (``settings`` and URLconf).
|
||||||
|
For backward compatibility reasons the default remains unchanged.
|
||||||
urlpatterns = patterns('',
|
|
||||||
url('^welcome/$', 'test_app.views.home', name='home'),
|
|
||||||
)
|
|
||||||
|
|
||||||
You can use :func:`~django.core.urlresolvers.reverse_lazy` like this::
|
|
||||||
|
|
||||||
from django.core.urlresolvers import reverse_lazy
|
|
||||||
|
|
||||||
LOGIN_REDIRECT_URL = reverse_lazy('home')
|
|
||||||
|
|
||||||
This also works fine with localized URLs using
|
|
||||||
:func:`~django.conf.urls.i18n.i18n_patterns`.
|
|
||||||
|
|
||||||
.. setting:: LOGIN_URL
|
.. setting:: LOGIN_URL
|
||||||
|
|
||||||
@@ -1334,8 +1322,13 @@ Default: ``'/accounts/login/'``
|
|||||||
The URL where requests are redirected for login, especially when using the
|
The URL where requests are redirected for login, especially when using the
|
||||||
:func:`~django.contrib.auth.decorators.login_required` decorator.
|
:func:`~django.contrib.auth.decorators.login_required` decorator.
|
||||||
|
|
||||||
.. note::
|
.. versionchanged:: 1.5
|
||||||
See the `note on LOGIN_REDIRECT_URL setting`_
|
|
||||||
|
This setting now also accepts view function names and
|
||||||
|
:ref:`named URL patterns <naming-url-patterns>` which can be used to reduce
|
||||||
|
configuration duplication since you no longer have to define the URL in two
|
||||||
|
places (``settings`` and URLconf).
|
||||||
|
For backward compatibility reasons the default remains unchanged.
|
||||||
|
|
||||||
.. setting:: LOGOUT_URL
|
.. setting:: LOGOUT_URL
|
||||||
|
|
||||||
|
@@ -121,6 +121,12 @@ Django 1.5 also includes several smaller improvements worth noting:
|
|||||||
argument. By default the batch_size is unlimited except for SQLite where
|
argument. By default the batch_size is unlimited except for SQLite where
|
||||||
single batch is limited so that 999 parameters per query isn't exceeded.
|
single batch is limited so that 999 parameters per query isn't exceeded.
|
||||||
|
|
||||||
|
* The :setting:`LOGIN_URL` and :setting:`LOGIN_REDIRECT_URL` settings now also
|
||||||
|
accept view function names and
|
||||||
|
:ref:`named URL patterns <naming-url-patterns>`. This allows you to reduce
|
||||||
|
configuration duplication. More information can be found in the
|
||||||
|
:func:`~django.contrib.auth.decorators.login_required` documentation.
|
||||||
|
|
||||||
Backwards incompatible changes in 1.5
|
Backwards incompatible changes in 1.5
|
||||||
=====================================
|
=====================================
|
||||||
|
|
||||||
|
@@ -947,6 +947,13 @@ The login_required decorator
|
|||||||
|
|
||||||
(r'^accounts/login/$', 'django.contrib.auth.views.login'),
|
(r'^accounts/login/$', 'django.contrib.auth.views.login'),
|
||||||
|
|
||||||
|
.. versionchanged:: 1.5
|
||||||
|
|
||||||
|
As of version 1.5 :setting:`settings.LOGIN_URL <LOGIN_URL>` now also accepts
|
||||||
|
view function names and :ref:`named URL patterns <naming-url-patterns>`.
|
||||||
|
This allows you to freely remap your login view within your URLconf
|
||||||
|
without having to update the setting.
|
||||||
|
|
||||||
.. function:: views.login(request, [template_name, redirect_field_name, authentication_form])
|
.. function:: views.login(request, [template_name, redirect_field_name, authentication_form])
|
||||||
|
|
||||||
**URL name:** ``login``
|
**URL name:** ``login``
|
||||||
|
@@ -17,7 +17,7 @@ CT = ContentType.objects.get_for_model
|
|||||||
@override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',))
|
@override_settings(PASSWORD_HASHERS=('django.contrib.auth.hashers.UnsaltedMD5PasswordHasher',))
|
||||||
class CommentTestCase(TestCase):
|
class CommentTestCase(TestCase):
|
||||||
fixtures = ["comment_tests"]
|
fixtures = ["comment_tests"]
|
||||||
urls = 'django.contrib.comments.urls'
|
urls = 'regressiontests.comment_tests.urls_default'
|
||||||
|
|
||||||
def createSomeComments(self):
|
def createSomeComments(self):
|
||||||
# Two anonymous comments on two different objects
|
# Two anonymous comments on two different objects
|
||||||
|
9
tests/regressiontests/comment_tests/urls_default.py
Normal file
9
tests/regressiontests/comment_tests/urls_default.py
Normal file
@@ -0,0 +1,9 @@
|
|||||||
|
from django.conf.urls.defaults import *
|
||||||
|
|
||||||
|
urlpatterns = patterns('',
|
||||||
|
(r'^', include('django.contrib.comments.urls')),
|
||||||
|
|
||||||
|
# Provide the auth system login and logout views
|
||||||
|
(r'^accounts/login/$', 'django.contrib.auth.views.login', {'template_name': 'login.html'}),
|
||||||
|
(r'^accounts/logout/$', 'django.contrib.auth.views.logout'),
|
||||||
|
)
|
0
tests/regressiontests/resolve_url/__init__.py
Normal file
0
tests/regressiontests/resolve_url/__init__.py
Normal file
12
tests/regressiontests/resolve_url/models.py
Normal file
12
tests/regressiontests/resolve_url/models.py
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
"""
|
||||||
|
Regression tests for the resolve_url function.
|
||||||
|
"""
|
||||||
|
|
||||||
|
from django.db import models
|
||||||
|
|
||||||
|
|
||||||
|
class UnimportantThing(models.Model):
|
||||||
|
importance = models.IntegerField()
|
||||||
|
|
||||||
|
def get_absolute_url(self):
|
||||||
|
return '/importance/%d/' % (self.importance,)
|
68
tests/regressiontests/resolve_url/tests.py
Normal file
68
tests/regressiontests/resolve_url/tests.py
Normal file
@@ -0,0 +1,68 @@
|
|||||||
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
from django.core.urlresolvers import NoReverseMatch
|
||||||
|
from django.contrib.auth.views import logout
|
||||||
|
from django.utils.unittest import TestCase
|
||||||
|
from django.shortcuts import resolve_url
|
||||||
|
|
||||||
|
from .models import UnimportantThing
|
||||||
|
|
||||||
|
|
||||||
|
class ResolveUrlTests(TestCase):
|
||||||
|
"""
|
||||||
|
Tests for the ``resolve_url`` function.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def test_url_path(self):
|
||||||
|
"""
|
||||||
|
Tests that passing a URL path to ``resolve_url`` will result in the
|
||||||
|
same url.
|
||||||
|
"""
|
||||||
|
self.assertEqual('/something/', resolve_url('/something/'))
|
||||||
|
|
||||||
|
def test_full_url(self):
|
||||||
|
"""
|
||||||
|
Tests that passing a full URL to ``resolve_url`` will result in the
|
||||||
|
same url.
|
||||||
|
"""
|
||||||
|
url = 'http://example.com/'
|
||||||
|
self.assertEqual(url, resolve_url(url))
|
||||||
|
|
||||||
|
def test_model(self):
|
||||||
|
"""
|
||||||
|
Tests that passing a model to ``resolve_url`` will result in
|
||||||
|
``get_absolute_url`` being called on that model instance.
|
||||||
|
"""
|
||||||
|
m = UnimportantThing(importance=1)
|
||||||
|
self.assertEqual(m.get_absolute_url(), resolve_url(m))
|
||||||
|
|
||||||
|
def test_view_function(self):
|
||||||
|
"""
|
||||||
|
Tests that passing a view name to ``resolve_url`` will result in the
|
||||||
|
URL path mapping to that view name.
|
||||||
|
"""
|
||||||
|
resolved_url = resolve_url(logout)
|
||||||
|
self.assertEqual('/accounts/logout/', resolved_url)
|
||||||
|
|
||||||
|
def test_valid_view_name(self):
|
||||||
|
"""
|
||||||
|
Tests that passing a view function to ``resolve_url`` will result in
|
||||||
|
the URL path mapping to that view.
|
||||||
|
"""
|
||||||
|
resolved_url = resolve_url('django.contrib.auth.views.logout')
|
||||||
|
self.assertEqual('/accounts/logout/', resolved_url)
|
||||||
|
|
||||||
|
def test_domain(self):
|
||||||
|
"""
|
||||||
|
Tests that passing a domain to ``resolve_url`` returns the same domain.
|
||||||
|
"""
|
||||||
|
self.assertEqual(resolve_url('example.com'), 'example.com')
|
||||||
|
|
||||||
|
def test_non_view_callable_raises_no_reverse_match(self):
|
||||||
|
"""
|
||||||
|
Tests that passing a non-view callable into ``resolve_url`` raises a
|
||||||
|
``NoReverseMatch`` exception.
|
||||||
|
"""
|
||||||
|
with self.assertRaises(NoReverseMatch):
|
||||||
|
resolve_url(lambda: 'asdf')
|
||||||
|
|
@@ -92,7 +92,7 @@ def setup(verbosity, test_labels):
|
|||||||
settings.TEMPLATE_DIRS = (os.path.join(RUNTESTS_DIR, TEST_TEMPLATE_DIR),)
|
settings.TEMPLATE_DIRS = (os.path.join(RUNTESTS_DIR, TEST_TEMPLATE_DIR),)
|
||||||
settings.USE_I18N = True
|
settings.USE_I18N = True
|
||||||
settings.LANGUAGE_CODE = 'en'
|
settings.LANGUAGE_CODE = 'en'
|
||||||
settings.LOGIN_URL = '/accounts/login/'
|
settings.LOGIN_URL = 'django.contrib.auth.views.login'
|
||||||
settings.MIDDLEWARE_CLASSES = (
|
settings.MIDDLEWARE_CLASSES = (
|
||||||
'django.contrib.sessions.middleware.SessionMiddleware',
|
'django.contrib.sessions.middleware.SessionMiddleware',
|
||||||
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
'django.contrib.auth.middleware.AuthenticationMiddleware',
|
||||||
|
Reference in New Issue
Block a user