Commit 9d2c0a0a authored by Preston Holmes

Removed superfluous cookie check from auth login.

This is ensured through the CSRF protection of the view
parent b902a92b
+0 −1
@@ -33,5 +33,4 @@ class AdminAuthenticationForm(AuthenticationForm):
                raise forms.ValidationError(message % {
                    'username': self.username_field.verbose_name
                })
        self.check_for_test_cookie()
        return self.cleaned_data
+4 −5
from __future__ import unicode_literals

import warnings

from django import forms
from django.forms.util import flatatt
from django.template import loader
@@ -153,8 +155,6 @@ class AuthenticationForm(forms.Form):
    error_messages = {
        'invalid_login': _("Please enter a correct %(username)s and password. "
                           "Note that both fields may be case-sensitive."),
        'no_cookies': _("Your Web browser doesn't appear to have cookies "
                        "enabled. Cookies are required for logging in."),
        'inactive': _("This account is inactive."),
    }

@@ -189,12 +189,11 @@ class AuthenticationForm(forms.Form):
                    })
            elif not self.user_cache.is_active:
                raise forms.ValidationError(self.error_messages['inactive'])
        self.check_for_test_cookie()
        return self.cleaned_data

    def check_for_test_cookie(self):
        if self.request and not self.request.session.test_cookie_worked():
            raise forms.ValidationError(self.error_messages['no_cookies'])
        warnings.warn("check_for_test_cookie is deprecated; ensure your login "
                "view is CSRF-protected.", DeprecationWarning)

    def get_user_id(self):
        if self.user_cache:
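Review bot: The `warnings.warn(...)` call added to `check_for_test_cookie` passes no `stacklevel`, so the DeprecationWarning is reported against the forms module itself rather than the subclass that still calls the method; adding `stacklevel=2` as a third argument would point it at the caller. The method is now a shim that only warns, and a one-line docstring such as `"""Deprecated no-op kept for subclasses; emits a DeprecationWarning."""` would say so. This section also drops the `'no_cookies'` key from `error_messages` while the method stays callable, so a subclass that looks up `self.error_messages['no_cookies']` would presumably hit a `KeyError`; no such use is visible here, but it is worth mentioning in the deprecation note. The enclosing `AuthenticationForm` class starts before and continues past the hunk.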
+0 −5
@@ -45,15 +45,10 @@ def login(request, template_name='registration/login.html',
            # Okay, security check complete. Log the user in.
            auth_login(request, form.get_user())

            if request.session.test_cookie_worked():
                request.session.delete_test_cookie()

            return HttpResponseRedirect(redirect_to)
    else:
        form = authentication_form(request)

    request.session.set_test_cookie()

    current_site = get_current_site(request)

    context = {
+6 −0
@@ -320,6 +320,12 @@ these changes.
  deprecated. Use the :class:`warnings.catch_warnings` context manager
  available starting with Python 2.6 instead.

* The undocumented ``check_for_test_cookie`` method in
  :class:`~django.contrib.auth.forms.AuthenticationForm` will be removed
  following an accelerated deprecation. Users subclassing this form should
  remove calls to this method, and instead ensure that their auth related views
  are CSRF protected, which ensures that cookies are enabled.

1.8
---