Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

bad redirect url when trying access 'login required' page #1208

Closed
ramonz opened this Issue · 4 comments

4 participants

@ramonz

I found painful issue when LOGIN_URL contains query params.
For example in my settings.py a have:

    LOGIN_URL = '/accounts/?signin'

When I try accessing to private page I got redirect like /accounts/?signin?next=/path_to_private_page/

Small code changes in cms/views.py solves the problem:
was:

    93. tup = settings.LOGIN_URL , "next", path
    94. return HttpResponseRedirect('%s?%s=%s' % tup)

was now:

    93. parse_res = list(urlparse(settings.LOGIN_URL))
    94. params = parse_qsl(parse_res[4], True)  # 4 is query string
    95. params.append(('next', path))
    96. parse_res[4] = urlencode(params)
    97. url = unquote(urlunparse(parse_res))
    98. return HttpResponseRedirect(url)

after this changes redirect url is /accounts/?signin=&next=/path_to_private_page/

@kezabelle

Django's auth views handle the same problem in a almost exactly the same way: see trunk of redirect_to_login, so the proposed fix should be fairly battle tested by now.

Edit: in fact, why not just call out to contrib.auth.views.redirect_to_login()? That view doesn't seem especially tied to the default auth implementation.

@ramonz

okay, better solution when using django 1.3.1:

    93. return redirect_to_login(path, settings.LOGIN_URL)

but not sure that other django versions have the exactly the same code in redirect_to_login func.

@yakky yakky referenced this issue from a commit in yakky/django-cms
@yakky yakky Add test for #1208 db24fb0
@yakky
Collaborator

Fixed in #2039

@yakky yakky referenced this issue from a commit in yakky/django-cms
@yakky yakky Add test for #1208 9c203da
@digi604
Collaborator

fixed

@digi604 digi604 closed this
@yakky yakky referenced this issue from a commit in yakky/django-cms
@yakky yakky More resilient test for #1208 d909f3c
@yakky yakky referenced this issue from a commit
Commit has since been removed from the repository and is no longer available.
@yakky yakky referenced this issue from a commit in yakky/django-cms
@yakky yakky Fix testfor #1208 7efc6b7
@yakky yakky referenced this issue from a commit in yakky/django-cms
@yakky yakky Backport from 3.0 of a better test for #1208 c9b3121
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.