
Removed superfluous cookie check from auth login.

This is ensured through the CSRF protection of the view
commit 9d2c0a0ae6ce931699daa87735d5b8b2afaa20f9 1 parent b902a92
@ptone ptone authored
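--- a/django/contrib/admin/forms.py
+++ b/django/contrib/admin/forms.py
@@ -33,5 +33,4 @@ def clean(self):
 raise forms.ValidationError(message % {
 'username': self.username_field.verbose_name
 })
- self.check_for_test_cookie()
 return self.cleaned_data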
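--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -1,5 +1,7 @@
 from __future__ import unicode_literals
+import warnings
+
 from django import forms
 from django.forms.util import flatatt
 from django.template import loader
@@ -153,8 +155,6 @@ class AuthenticationForm(forms.Form):
 error_messages = {
 'invalid_login': _("Please enter a correct %(username)s and password. "
 "Note that both fields may be case-sensitive."),
- 'no_cookies': _("Your Web browser doesn't appear to have cookies "
- "enabled. Cookies are required for logging in."),
 'inactive': _("This account is inactive."),
 }
@@ -189,12 +189,11 @@ def clean(self):
 })
 elif not self.user_cache.is_active:
 raise forms.ValidationError(self.error_messages['inactive'])
- self.check_for_test_cookie()
 return self.cleaned_data
 def check_for_test_cookie(self):
- if self.request and not self.request.session.test_cookie_worked():
- raise forms.ValidationError(self.error_messages['no_cookies'])
+ warnings.warn("check_for_test_cookie is deprecated; ensure your login "
+ "view is CSRF-protected.", DeprecationWarning)
 def get_user_id(self):
 if self.user_cache: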
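Review bot: The `warnings.warn(...)` call in the new `check_for_test_cookie` body omits `stacklevel`, so the DeprecationWarning is reported against this line in forms.py rather than against the subclass code that still calls the method; ending the call with `DeprecationWarning, stacklevel=2)` would point at the caller. The method is now a no-op that never raises, so a subclass that keeps calling it from a login view without CSRF protection silently loses the cookie check, and a one-line docstring such as `"""Deprecated no-op; no longer checks the session test cookie."""` would make that explicit. The second hunk also drops the `'no_cookies'` key from `error_messages` immediately instead of deprecating it, so a subclass that overrides `check_for_test_cookie` and still looks up `self.error_messages['no_cookies']` would presumably hit a KeyError. `clean` starts above the third hunk and `get_user_id` continues below it.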
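--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -45,15 +45,10 @@ def login(request, template_name='registration/login.html',
 # Okay, security check complete. Log the user in.
 auth_login(request, form.get_user())
- if request.session.test_cookie_worked():
- request.session.delete_test_cookie()
-
 return HttpResponseRedirect(redirect_to)
 else:
 form = authentication_form(request)
- request.session.set_test_cookie()
-
 current_site = get_current_site(request)
 context = {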
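--- a/docs/internals/deprecation.txt
+++ b/docs/internals/deprecation.txt
@@ -320,6 +320,12 @@ these changes.
 deprecated. Use the :class:`warnings.catch_warnings` context manager
 available starting with Python 2.6 instead.
+* The undocumented ``check_for_test_cookie`` method in
+ :class:`~django.contrib.auth.forms.AuthenticationForm` will be removed
+ following an accelerated deprecation. Users subclassing this form should
+ remove calls to this method, and instead ensure that their auth related views
+ are CSRF protected, which ensures that cookies are enabled.
+
 1.8
 ---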