
Merge branch '1.0.X'

2 parents 1d67141 + 3f5bcca commit 24b223e23dbb9f25b463393b765c9395b5c27e38 @carljm carljm committed May 9, 2012
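--- a/moztrap/model/mtadmin.py
+++ b/moztrap/model/mtadmin.py
@@ -7,6 +7,7 @@
 from django.conf import settings
 from django.forms.models import BaseInlineFormSet
+from django.shortcuts import redirect
 from django.views.decorators.cache import never_cache
 from django.contrib import admin, messages
@@ -38,6 +39,18 @@ def login(self, request, extra_context=None):
 )
+ @never_cache
+ def logout(self, request, extra_context=None):
+ """
+ Make admin 'logout' a no-op.
+
+ We replace the link with a "back to MozTrap" link.
+
+ The default AdminSite.logout implementation exposes us to logout CSRF.
+
+ """
+ return redirect("home")
+
 site = MTAdminSite()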
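Review bot: The docstring on the new `logout` names logout CSRF but does not say what makes the default view vulnerable, nor where a staff user ends a session now that this view only redirects. The stock `AdminSite.logout` ends the session on a plain GET, so any cross-site request to that URL logs the user out; recording that keeps a later maintainer from restoring the default. I would add a sentence such as `Default AdminSite.logout ends the session on GET; real logout goes through the main site's logout view.` This assumes the main site's logout is POST-only and CSRF-protected, which the hunk does not show. The enclosing class starts outside the hunk.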
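--- a/templates/admin/base_site.html
+++ b/templates/admin/base_site.html
@@ -0,0 +1,15 @@
+{% extends "admin/base.html" %}
+{% load url from future %}
+{% load i18n %}
+
+{% block title %}{{ title }} | {% trans 'MozTrap admin' %}{% endblock %}
+
+{% block branding %}
+<h1 id="site-name">{% trans 'MozTrap administration' %}</h1>
+{% endblock %}
+
+{% block nav-global %}{% endblock %}
+
+{% block userlinks %}
+ [ <a href="{% url 'home' %}">{% trans 'Back to MozTrap' %}</a> ]
+{% endblock %}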
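Review bot: The `userlinks` override has no comment saying why the stock links are gone, and replacing the whole block also drops the admin's default change-password link along with the logout link. A template comment above the block, such as `{# Admin logout is a no-op (logout CSRF); users leave via the main site. #}`, would record the reason. If staff are expected to change passwords from the admin, that link should be kept in the block; otherwise the comment should say it is handled on the main site.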
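--- a/templates/users/set_username_form.html
+++ b/templates/users/set_username_form.html
@@ -6,7 +6,7 @@
 <section id="setusername">
 <h2>Welcome! Please choose a username</h2>
- <p>We keep your email private, but we need a username to publicly identify
+ <p>We keep your email private, so we need a username to publicly identify
 you on the site.</p>
 <form method="POST" id="setusernameform">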
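--- a/tests/model/test_mtadmin.py
+++ b/tests/model/test_mtadmin.py
@@ -32,6 +32,27 @@ def test_login_redirect_message(self):
 res.follow().mustcontain("have permission")
+ def test_logout_doesnt(self):
+ """
+ Admin 'logout' view just redirects to home.
+
+ The default version exposes us to logout CSRF. We remove the admin
+ logout link to, but we still need to neuter the actual view since
+ removing it from the url patterns is a pain.
+
+ """
+ from django.contrib.auth.signals import user_logged_out
+ def handler(*args, **kwargs):
+ self.fail("User logged out, should not have been.")
+ user_logged_out.connect(handler, weak=True)
+
+ user = self.F.UserFactory.create(is_staff=True)
+
+ res = self.app.get(reverse("admin:logout"), user=user)
+
+ self.assertRedirects(res, "/")
+
+
 class TeamModelAdminTest(case.DBTestCase):
 """Tests of TeamModelAdmin."""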
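Review bot: `handler` is connected to `user_logged_out` in `test_logout_doesnt` but never disconnected, so cleanup depends on the weak reference being dropped when the function returns. If the test fails, the traceback can keep the frame and `handler` alive, and a later test that legitimately logs a user out would then hit `self.fail` on this stale test case. Adding `self.addCleanup(user_logged_out.disconnect, handler)` right after the `connect` call makes the cleanup explicit, assuming the test base class provides `addCleanup`. The docstring's "logout link to" should read "too".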
