mirror of
https://github.com/django/django.git
synced 2024-12-22 17:16:24 +00:00
Fixed #28229 -- Fixed the value of LoginView's "next" template variable.
parent
a118287bca
commit
e7dc39fb65
@ -65,7 +65,11 @@ class LoginView(SuccessURLAllowedHostsMixin, FormView):
|
||||
return super().dispatch(request, *args, **kwargs)
|
||||
|
||||
def get_success_url(self):
|
||||
"""Ensure the user-originating redirection URL is safe."""
|
||||
url = self.get_redirect_url()
|
||||
return url or resolve_url(settings.LOGIN_REDIRECT_URL)
|
||||
|
||||
def get_redirect_url(self):
|
||||
"""Return the user-originating redirect URL if it's safe."""
|
||||
redirect_to = self.request.POST.get(
|
||||
self.redirect_field_name,
|
||||
self.request.GET.get(self.redirect_field_name, '')
|
||||
@ -75,9 +79,7 @@ class LoginView(SuccessURLAllowedHostsMixin, FormView):
|
||||
allowed_hosts=self.get_success_url_allowed_hosts(),
|
||||
require_https=self.request.is_secure(),
|
||||
)
|
||||
if not url_is_safe:
|
||||
return resolve_url(settings.LOGIN_REDIRECT_URL)
|
||||
return redirect_to
|
||||
return redirect_to if url_is_safe else ''
|
||||
|
||||
def get_form_class(self):
|
||||
return self.authentication_form or self.form_class
|
||||
@ -96,7 +98,7 @@ class LoginView(SuccessURLAllowedHostsMixin, FormView):
|
||||
context = super().get_context_data(**kwargs)
|
||||
current_site = get_current_site(self.request)
|
||||
context.update({
|
||||
self.redirect_field_name: self.get_success_url(),
|
||||
self.redirect_field_name: self.get_redirect_url(),
|
||||
'site': current_site,
|
||||
'site_name': current_site.name,
|
||||
})
|
||||
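Review bot: `get_redirect_url()` now has two callers that depend on its falsy result, `get_success_url()` through `url or resolve_url(settings.LOGIN_REDIRECT_URL)` and `get_context_data()` for the template variable, but its docstring only describes the safe case. I would extend it to `"""Return the user-originating redirect URL if it's safe, else an empty string."""`. `get_success_url()` also needs a one-line docstring such as `"""Return the validated redirect URL, falling back to LOGIN_REDIRECT_URL."""`, since the old docstring there appears to be the line this change removes. A short comment at `self.redirect_field_name: self.get_redirect_url(),` would help too: the value is request-supplied and, judging by the `allowed_hosts`/`require_https` arguments, only checked for host and scheme, so templates should keep rendering it with autoescaping on. The start of the safety check in `get_redirect_url()` and the head of `get_context_data()` are outside the visible hunks.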
|
@ -35,3 +35,8 @@ Bugfixes
|
||||
|
||||
* Prevented ``Paginator``’s unordered object list warning from evaluating a
|
||||
``QuerySet`` (:ticket:`28284`).
|
||||
|
||||
* Fixed the value of ``redirect_field_name`` in ``LoginView``’s template
|
||||
context. It's now an empty string (as it is for the original function-based
|
||||
``login()`` view) if the corresponding parameter isn't sent in a request (in
|
||||
particular, when the login page is accessed directly) (:ticket:`28229`).
|
||||
|
@ -835,6 +835,7 @@ class LoginRedirectAuthenticatedUser(AuthViewsTestCase):
|
||||
self.login()
|
||||
response = self.client.get(self.dont_redirect_url)
|
||||
self.assertEqual(response.status_code, 200)
|
||||
self.assertEqual(response.context['next'], '')
|
||||
|
||||
def test_guest(self):
|
||||
"""If not logged in, stay on the same page."""
|
||||
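Review bot: The added `self.assertEqual(response.context['next'], '')` covers only the case where no `next` parameter is sent. The other path that now yields an empty string, a supplied value that fails the safety check in `get_redirect_url()`, is not asserted in the visible lines. I would add a companion test that requests `response = self.client.get(self.dont_redirect_url, {'next': 'https://other.example/'})` and then checks `self.assertEqual(response.context['next'], '')` (the host is a constructed sample), so a regression that echoes a rejected URL into the login template is caught. The test method this assertion belongs to starts above the hunk.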
|