Commit 22d82a77 authored by Preston Holmes's avatar Preston Holmes

Fixed #15198 -- pass request to AuthenticationForm

Thanks to Ciantic for the report, claudep and slurms for initial work
parent 9d2c0a0a
+2 −4
@@ -160,10 +160,8 @@ class AuthenticationForm(forms.Form):

    def __init__(self, request=None, *args, **kwargs):
        """
        If request is passed in, the form will validate that cookies are
        enabled. Note that the request (a HttpRequest object) must have set a
        cookie with the key TEST_COOKIE_NAME and value TEST_COOKIE_VALUE before
        running this validation.
        The 'request' parameter is set for custom auth use by subclasses.
        The form data comes in via the standard 'data' kwarg.
        """
        self.request = request
        self.user_cache = None
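Review bot: The new docstring on `__init__` says `request` is set for subclasses but omits that it defaults to `None`, so a subclass that reads `self.request` for an authentication decision can hit `None` whenever a caller builds the form without it. I would add a line such as `'request' may be None; subclasses must handle that case before using it.` It is also worth stating that `request` is the first positional parameter, so form data passed positionally would be bound to `request` rather than `data`. The body of `__init__` continues outside the hunk.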
+12 −2
from django.conf.urls import patterns, url
from django.contrib.auth import context_processors
from django.contrib.auth.forms import AuthenticationForm
from django.contrib.auth.urls import urlpatterns
from django.contrib.auth.views import password_reset
from django.contrib.auth.views import password_reset, login
from django.contrib.auth.decorators import login_required
from django.contrib.messages.api import info
from django.http import HttpResponse
from django.http import HttpResponse, HttpRequest
from django.shortcuts import render_to_response
from django.template import Template, RequestContext
from django.views.decorators.cache import never_cache

class CustomRequestAuthenticationForm(AuthenticationForm):
    def __init__(self, request, *args, **kwargs):
        assert isinstance(request, HttpRequest)
        super(CustomRequestAuthenticationForm, self).__init__(request, *args, **kwargs)

@never_cache
def remote_user_auth_view(request):
    "Dummy view for remote user tests"
@@ -49,6 +55,9 @@ def auth_processor_messages(request):
def userpage(request):
    pass

def custom_request_auth_login(request):
    return login(request, authentication_form=CustomRequestAuthenticationForm)

# special urls for auth test cases
urlpatterns = urlpatterns + patterns('',
    (r'^logout/custom_query/$', 'django.contrib.auth.views.logout', dict(redirect_field_name='follow')),
@@ -65,6 +74,7 @@ urlpatterns = urlpatterns + patterns('',
    (r'^auth_processor_perms/$', auth_processor_perms),
    (r'^auth_processor_perm_in_perms/$', auth_processor_perm_in_perms),
    (r'^auth_processor_messages/$', auth_processor_messages),
    (r'^custom_request_auth_login/$', custom_request_auth_login),
    url(r'^userpage/(.+)/$', userpage, name="userpage"),
)
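Review bot: In `CustomRequestAuthenticationForm.__init__` the only check is `assert isinstance(request, HttpRequest)`, which is stripped when the suite runs under `python -O`, so the form would then accept any value and the regression test built on it would check nothing. An explicit raise keeps the check in every mode: `if not isinstance(request, HttpRequest): raise TypeError("request must be an HttpRequest")`. The class also has no docstring; one sentence saying it exists to fail loudly when the login view does not pass the request would help.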
+8 −0
@@ -365,6 +365,14 @@ class LoginTest(AuthViewsTestCase):
            self.assertTrue(good_url in response.url,
                            "%s should be allowed" % good_url)

    def test_login_form_contains_request(self):
        # 15198
        response = self.client.post('/custom_requestauth_login/', {
            'username': 'testclient',
            'password': 'password',
        }, follow=True)
        # the custom authentication form used by this login asserts
        # that a request is passed to the form successfully.

@skipIfCustomUser
class LoginURLSettings(AuthViewsTestCase):
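Review bot: `test_login_form_contains_request` posts to `/custom_requestauth_login/`, but the route added in this commit is `^custom_request_auth_login/$`, so the request does not match the new pattern and the custom form is most likely never instantiated. Because the test makes no assertion on `response`, a 404 passes silently and the regression for #15198 is not covered. The path should read `'/custom_request_auth_login/'`, and the test should assert that the login actually happened, for example `self.assertIn(SESSION_KEY, self.client.session)` if `SESSION_KEY` is imported in this module (not visible in the hunk).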
+1 −1
@@ -35,7 +35,7 @@ def login(request, template_name='registration/login.html',
    redirect_to = request.REQUEST.get(redirect_field_name, '')

    if request.method == "POST":
        form = authentication_form(data=request.POST)
        form = authentication_form(request, data=request.POST)
        if form.is_valid():

            # Ensure the user-originating redirection url is safe.
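Review bot: `authentication_form(request, data=request.POST)` now passes the request as the first positional argument to whatever class the caller supplied, so a custom form whose `__init__` takes `data` first would raise a `TypeError` on POST only. The `login` docstring or the release notes should state that `authentication_form` must accept `request` as its first argument. The non-POST branch is outside the hunk, so I cannot confirm it constructs the form the same way; both branches should pass `request` identically, otherwise a subclass sees it on one path and `None` on the other.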