Author: russellm
Date: 2008-08-23 09:12:58 -0500 (Sat, 23 Aug 2008)
New Revision: 8484
Modified:
django/trunk/django/contrib/admin/sites.py
django/trunk/tests/regressiontests/admin_views/tests.py
Log:
Fixed #7776: Ensured that the test cookie is always deleted once a login has
succeeded. Thanks for the report and fix, Mnewman.
Modified: django/trunk/django/contrib/admin/sites.py
===================================================================
--- django/trunk/django/contrib/admin/sites.py 2008-08-23 13:31:28 UTC (rev
8483)
+++ django/trunk/django/contrib/admin/sites.py 2008-08-23 14:12:58 UTC (rev
8484)
@@ -274,13 +274,13 @@
login(request, user)
if request.POST.has_key('post_data'):
post_data = _decode_post_data(request.POST['post_data'])
+ request.session.delete_test_cookie()
if post_data and not post_data.has_key(LOGIN_FORM_KEY):
# overwrite request.POST with the saved post_data, and
continue
request.POST = post_data
request.user = user
return self.root(request,
request.path.split(self.root_path)[-1])
else:
- request.session.delete_test_cookie()
return
http.HttpResponseRedirect(request.get_full_path())
else:
return self.display_login_form(request, ERROR_MESSAGE)
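Review bot: The added `request.session.delete_test_cookie()` runs only after `_decode_post_data(request.POST['post_data'])` has returned, so the "always deleted once a login has succeeded" in the log depends on that decode not raising; its body is not shown here. Indentation is lost in this rendering, but the call also appears to sit inside the `if request.POST.has_key('post_data'):` body, in which case a successful login POST without that field would leave the test cookie in the session. Placing the call directly after `login(request, user)` would cover both cases: `login(request, user)` followed by `request.session.delete_test_cookie()`. The enclosing login view starts and ends outside the hunk, so any handling of these paths elsewhere is not visible.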
Modified: django/trunk/tests/regressiontests/admin_views/tests.py
===================================================================
--- django/trunk/tests/regressiontests/admin_views/tests.py 2008-08-23
13:31:28 UTC (rev 8483)
+++ django/trunk/tests/regressiontests/admin_views/tests.py 2008-08-23
14:12:58 UTC (rev 8484)
@@ -237,6 +237,8 @@
# Change User should not have access to add articles
self.client.get('/test_admin/admin/')
self.client.post('/test_admin/admin/', self.changeuser_login)
+ # make sure the view removes test cookie
+ self.failUnlessEqual(self.client.session.test_cookie_worked(), False)
request = self.client.get('/test_admin/admin/admin_views/article/add/')
self.failUnlessEqual(request.status_code, 403)
# Try POST just to make sure
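Review bot: The new assertion only checks that `test_cookie_worked()` is False after the login POST, which would also hold if the test cookie had never been placed in the session by the preceding `self.client.get('/test_admin/admin/')`. Asserting the positive state between the GET and the POST, e.g. `self.failUnlessEqual(self.client.session.test_cookie_worked(), True)`, would show that the view actually removed it (assuming the login page is what sets the cookie). The same applies to the assertion added in the `@@ -266,6 +268,8 @@` hunk. Both test methods start and end outside their hunks.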
@@ -266,6 +268,8 @@
self.assertContains(post, 'Please log in again, because your session
has expired.')
self.super_login['post_data'] = _encode_post_data(add_dict)
post = self.client.post('/test_admin/admin/admin_views/article/add/',
self.super_login)
+ # make sure the view removes test cookie
+ self.failUnlessEqual(self.client.session.test_cookie_worked(), False)
self.assertRedirects(post, '/test_admin/admin/admin_views/article/')
self.failUnlessEqual(Article.objects.all().count(), 4)
self.client.get('/test_admin/admin/logout/')