This project is archived. Its data is read-only.

Commit a9ee1d4e authored Aug 23, 2008 by Russell Keith-Magee

Fixed #7776: Ensured that the test cookie is always deleted once a login has...

Fixed #7776: Ensured that the test cookie is always deleted once a login has succeeded. Thanks for the report and fix, Mnewman.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8484 bcc190cf-cafb-0310-a4f2-bffc1f526a37

parent 0f869f90

django/contrib/admin/sites.py

+1 −1

Original line number	Diff line number	Diff line
		@@ -274,13 +274,13 @@ class AdminSite(object):
		login(request, user)
		if request.POST.has_key('post_data'):
		post_data = _decode_post_data(request.POST['post_data'])
		request.session.delete_test_cookie()
		if post_data and not post_data.has_key(LOGIN_FORM_KEY):
		# overwrite request.POST with the saved post_data, and continue
		request.POST = post_data
		request.user = user
		return self.root(request, request.path.split(self.root_path)[-1])
		else:
		request.session.delete_test_cookie()
		return http.HttpResponseRedirect(request.get_full_path())
		else:
		return self.display_login_form(request, ERROR_MESSAGE)

tests/regressiontests/admin_views/tests.py

+4 −0

Original line number	Diff line number	Diff line
		@@ -237,6 +237,8 @@ class AdminViewPermissionsTest(TestCase):
		# Change User should not have access to add articles
		self.client.get('/test_admin/admin/')
		self.client.post('/test_admin/admin/', self.changeuser_login)
		# make sure the view removes test cookie
		self.failUnlessEqual(self.client.session.test_cookie_worked(), False)
		request = self.client.get('/test_admin/admin/admin_views/article/add/')
		self.failUnlessEqual(request.status_code, 403)
		# Try POST just to make sure
		@@ -266,6 +268,8 @@ class AdminViewPermissionsTest(TestCase):
		self.assertContains(post, 'Please log in again, because your session has expired.')
		self.super_login['post_data'] = _encode_post_data(add_dict)
		post = self.client.post('/test_admin/admin/admin_views/article/add/', self.super_login)
		# make sure the view removes test cookie
		self.failUnlessEqual(self.client.session.test_cookie_worked(), False)
		self.assertRedirects(post, '/test_admin/admin/admin_views/article/')
		self.failUnlessEqual(Article.objects.all().count(), 4)
		self.client.get('/test_admin/admin/logout/')