1
0
mirror of https://github.com/django/django.git synced 2024-12-22 17:16:24 +00:00

Fixed #28229 -- Fixed the value of LoginView's "next" template variable.

This commit is contained in:
Mikhail Golubev 2017-05-22 14:52:56 -07:00 committed by Tim Graham
parent a118287bca
commit e7dc39fb65
3 changed files with 13 additions and 5 deletions

View File

@ -65,7 +65,11 @@ class LoginView(SuccessURLAllowedHostsMixin, FormView):
return super().dispatch(request, *args, **kwargs)
def get_success_url(self):
"""Ensure the user-originating redirection URL is safe."""
url = self.get_redirect_url()
return url or resolve_url(settings.LOGIN_REDIRECT_URL)
def get_redirect_url(self):
"""Return the user-originating redirect URL if it's safe."""
redirect_to = self.request.POST.get(
self.redirect_field_name,
self.request.GET.get(self.redirect_field_name, '')
@ -75,9 +79,7 @@ class LoginView(SuccessURLAllowedHostsMixin, FormView):
allowed_hosts=self.get_success_url_allowed_hosts(),
require_https=self.request.is_secure(),
)
if not url_is_safe:
return resolve_url(settings.LOGIN_REDIRECT_URL)
return redirect_to
return redirect_to if url_is_safe else ''
def get_form_class(self):
return self.authentication_form or self.form_class
@ -96,7 +98,7 @@ class LoginView(SuccessURLAllowedHostsMixin, FormView):
context = super().get_context_data(**kwargs)
current_site = get_current_site(self.request)
context.update({
self.redirect_field_name: self.get_success_url(),
self.redirect_field_name: self.get_redirect_url(),
'site': current_site,
'site_name': current_site.name,
})

View File

@ -35,3 +35,8 @@ Bugfixes
* Prevented ``Paginator``s unordered object list warning from evaluating a
``QuerySet`` (:ticket:`28284`).
* Fixed the value of ``redirect_field_name`` in ``LoginView``s template
context. It's now an empty string (as it is for the original function-based
``login()`` view) if the corresponding parameter isn't sent in a request (in
particular, when the login page is accessed directly) (:ticket:`28229`).

View File

@ -835,6 +835,7 @@ class LoginRedirectAuthenticatedUser(AuthViewsTestCase):
self.login()
response = self.client.get(self.dont_redirect_url)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.context['next'], '')
def test_guest(self):
"""If not logged in, stay on the same page."""