
Fixed #159 -- Prevent the `AdminSite` from logging users out when the…

…y try to log in from the logout page. Many thanks, ashchristopher.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17465 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit 03eeb020a00dedba2594326bd606d8b41d51e80f 1 parent bd58612
Jannis Leidel authored February 09, 2012
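--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@@ -1,5 +1,5 @@
 from functools import update_wrapper
-from django import http
+from django.http import Http404, HttpResponseRedirect
 from django.contrib.admin import ModelAdmin, actions
 from django.contrib.admin.forms import AdminAuthenticationForm
 from django.contrib.auth import REDIRECT_FIELD_NAME
@@ -188,6 +188,10 @@ def get_urls(self):
         """
         def inner(request, *args, **kwargs):
             if not self.has_permission(request):
+                if request.path == reverse('admin:logout',
+                                           current_app=self.name):
+                    index_path = reverse('admin:index', current_app=self.name)
+                    return HttpResponseRedirect(index_path)
                 return self.login(request)
             return view(request, *args, **kwargs)
         if not cacheable:
@@ -421,7 +425,7 @@ def app_index(self, request, app_label, extra_context=None):
                                 'models': [model_dict],
                             }
         if not app_dict:
-            raise http.Http404('The requested admin page does not exist.')
+            raise Http404('The requested admin page does not exist.')
         # Sort the models alphabetically within each app.
         app_dict['models'].sort(key=lambda x: x['name'])
         context = {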
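Review bot: The added branch in `inner` runs for every request that fails `has_permission`, not only anonymous ones, so a signed-in account without admin access (assuming `has_permission` rejects it; its body is outside this hunk) that requests the logout URL is redirected to the index with its session left intact. That trade-off should be recorded above the branch, for example `# Never render the login form at the logout URL: logging in there would log the user straight out again. This also skips logout for authenticated users who lack admin permission.` A regression test for the signed-in, non-staff case would pin whichever behaviour is intended. The file header also shows the mode changing from 100644 to 100755, which looks unrelated to the fix. The enclosing method begins and ends outside the hunk.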
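--- a/tests/regressiontests/admin_views/tests.py
+++ b/tests/regressiontests/admin_views/tests.py
@@ -3385,3 +3385,31 @@ def test_should_be_able_to_edit_related_objects_on_changelist_view(self):
 
         self.assertEqual('Josh Stone', Parent.objects.latest('id').name)
         self.assertEqual([u'Catherine Stone', u'Paul Stone'], children_names)
+
+
+class AdminViewLogoutTest(TestCase):
+    urls = "regressiontests.admin_views.urls"
+    fixtures = ['admin-views-users.xml']
+
+    def setUp(self):
+        self.client.login(username='super', password='secret')
+
+    def tearDown(self):
+        self.client.logout()
+
+    def test_client_logout_url_can_be_used_to_login(self):
+        response = self.client.get('/test_admin/admin/logout/')
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.template_name, 'registration/logged_out.html')
+        self.assertEqual(response.request['PATH_INFO'], '/test_admin/admin/logout/')
+
+        # we are now logged out
+        response = self.client.get('/test_admin/admin/logout/')
+        self.assertEqual(response.status_code, 302)  # we should be redirected to the login page.
+
+        # follow the redirect and test results.
+        response = self.client.get('/test_admin/admin/logout/', follow=True)
+        self.assertEqual(response.status_code, 200)
+        self.assertEqual(response.template_name, 'admin/login.html')
+        self.assertEqual(response.request['PATH_INFO'], '/test_admin/admin/')
+        self.assertContains(response, '<input type="hidden" name="next" value="/test_admin/admin/" />')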
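Review bot: The second request in `test_client_logout_url_can_be_used_to_login` asserts only `status_code == 302`, so the redirect target is never checked directly. Its comment also says the redirect goes to the login page, while the view change in this commit redirects to the admin index. Pin the target with `self.assertRedirects(response, '/test_admin/admin/')` and reword the comment to `# an anonymous request to the logout URL is redirected to the admin index`. The test also never verifies that the first request ended the session. Adding `self.assertFalse(SESSION_KEY in self.client.session)` after it (with `SESSION_KEY` imported from `django.contrib.auth`) would turn the "we are now logged out" comment into an assertion.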
