
Fixed #7776: Ensured that the test cookie is always deleted once a login has succeeded. Thanks for the report and fix, Mnewman.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@8484 bcc190cf-cafb-0310-a4f2-bffc1f526a37
commit a9ee1d4e28f4e6509dd910982b5504bc6a3554cc 1 parent 0f869f9
Russell Keith-Magee authored
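--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@@ -274,13 +274,13 @@ def login(self, request):
                 login(request, user)
                 if request.POST.has_key('post_data'):
                     post_data = _decode_post_data(request.POST['post_data'])
+                    request.session.delete_test_cookie()
                     if post_data and not post_data.has_key(LOGIN_FORM_KEY):
                         # overwrite request.POST with the saved post_data, and continue
                         request.POST = post_data
                         request.user = user
                         return self.root(request, request.path.split(self.root_path)[-1])
                     else:
-                        request.session.delete_test_cookie()
                         return http.HttpResponseRedirect(request.get_full_path())
             else:
                 return self.display_login_form(request, ERROR_MESSAGE)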
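Review bot: The relocated `request.session.delete_test_cookie()` is still nested under `if request.POST.has_key('post_data'):` and runs only after `_decode_post_data(...)` returns, so a successful login whose POST has no `post_data` key, or whose decode raises, keeps the test cookie value in the session despite the commit's "always deleted" wording. Calling it immediately after `login(request, user)` would cover every successful-login path in this hunk and would no longer depend on client-supplied data being decodable. The body of `login` starts and ends outside the hunk, so whether the login form always submits `post_data` cannot be confirmed from these lines.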
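--- a/tests/regressiontests/admin_views/tests.py
+++ b/tests/regressiontests/admin_views/tests.py
@@ -237,6 +237,8 @@ def testAddView(self):
         # Change User should not have access to add articles
         self.client.get('/test_admin/admin/')
         self.client.post('/test_admin/admin/', self.changeuser_login)
+        # make sure the view removes test cookie
+        self.failUnlessEqual(self.client.session.test_cookie_worked(), False)
         request = self.client.get('/test_admin/admin/admin_views/article/add/')
         self.failUnlessEqual(request.status_code, 403)
         # Try POST just to make sure
@@ -266,6 +268,8 @@ def testAddView(self):
         self.assertContains(post, 'Please log in again, because your session has expired.')
         self.super_login['post_data'] = _encode_post_data(add_dict)
         post = self.client.post('/test_admin/admin/admin_views/article/add/', self.super_login)
+        # make sure the view removes test cookie
+        self.failUnlessEqual(self.client.session.test_cookie_worked(), False)
         self.assertRedirects(post, '/test_admin/admin/admin_views/article/')
         self.failUnlessEqual(Article.objects.all().count(), 4)
         self.client.get('/test_admin/admin/logout/')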
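Review bot: The added assertions in both hunks of this file (new lines 241 and 272) pass whenever the test-cookie key is simply absent from the session, so they cannot distinguish "the login view deleted it" from "it was never set". In the first hunk, asserting the positive state between `self.client.get('/test_admin/admin/')` and the login POST, e.g. `self.failUnless(self.client.session.test_cookie_worked())`, would make the later `False` check meaningful; this assumes the login-form GET sets the test cookie, which is not visible here. Neither hunk exercises a login POST without `post_data`, unless `self.changeuser_login` (defined outside the hunks) omits it. `testAddView` starts and ends outside both hunks.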
