From 03eeb020a00dedba2594326bd606d8b41d51e80f Mon Sep 17 00:00:00 2001 From: Jannis Leidel Date: Thu, 9 Feb 2012 18:56:23 +0000 Subject: [PATCH] Fixed #159 -- Prevent the `AdminSite` from logging users out when they try to log in form the logout page. Many thanks, ashchristopher. git-svn-id: http://code.djangoproject.com/svn/django/trunk@17465 bcc190cf-cafb-0310-a4f2-bffc1f526a37
---
 django/contrib/admin/sites.py | 8 +++++--
 tests/regressiontests/admin_views/tests.py | 28 ++++++++++++++++++++++
 2 files changed, 34 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 django/contrib/admin/sites.py
 mode change 100644 => 100755 tests/regressiontests/admin_views/tests.py
diff --git a/django/contrib/admin/sites.py b/django/contrib/admin/sites.py
old mode 100644
new mode 100755
index 83a08699c2..4bb6440877
--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@@ -1,5 +1,5 @@
 from functools import update_wrapper
-from django import http
+from django.http import Http404, HttpResponseRedirect
 from django.contrib.admin import ModelAdmin, actions
 from django.contrib.admin.forms import AdminAuthenticationForm
 from django.contrib.auth import REDIRECT_FIELD_NAME
@@ -188,6 +188,10 @@ class AdminSite(object):
 """
 def inner(request, *args, **kwargs):
 if not self.has_permission(request):
+ if request.path == reverse('admin:logout',
+ current_app=self.name):
+ index_path = reverse('admin:index', current_app=self.name)
+ return HttpResponseRedirect(index_path)
 return self.login(request)
 return view(request, *args, **kwargs)
 if not cacheable:
@@ -421,7 +425,7 @@ class AdminSite(object):
 'models': [model_dict],
 }
 if not app_dict:
- raise http.Http404('The requested admin page does not exist.')
+ raise Http404('The requested admin page does not exist.')
 # Sort the models alphabetically within each app.
 app_dict['models'].sort(key=lambda x: x['name'])
 context = {
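Review bot: The new branch in `inner` special-cases the logout path without a comment, and the reason is not recoverable from the code alone: before this change `self.login(request)` rendered the login form at the logout URL itself, which per the commit title ended with the user being logged out again. I would add above the `if`: `# No admin permission on the logout URL: redirect to the index so the login form is never served from the logout path.` Both targets come from `reverse()`, so the redirect is not request-controlled, and that should stay true if this is ever extended to honour a `next` value. The enclosing method starts and ends outside the hunk. Separately, the file headers flip `sites.py` and `tests.py` from 100644 to 100755; nothing in the patch needs these modules to be executable, so the mode change looks unintended and is best dropped.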
diff --git a/tests/regressiontests/admin_views/tests.py b/tests/regressiontests/admin_views/tests.py
old mode 100644
new mode 100755
index ab40c698de..6b001e97ab
--- a/tests/regressiontests/admin_views/tests.py
+++ b/tests/regressiontests/admin_views/tests.py
@@ -3385,3 +3385,31 @@ class AdminCustomSaveRelatedTests(TestCase):
 self.assertEqual('Josh Stone', Parent.objects.latest('id').name)
 self.assertEqual([u'Catherine Stone', u'Paul Stone'], children_names)
+
+
+class AdminViewLogoutTest(TestCase):
+ urls = "regressiontests.admin_views.urls"
+ fixtures = ['admin-views-users.xml']
+
+ def setUp(self):
+ self.client.login(username='super', password='secret')
+
+ def tearDown(self):
+ self.client.logout()
+
+ def test_client_logout_url_can_be_used_to_login(self):
+ response = self.client.get('/test_admin/admin/logout/')
+ self.assertEqual(response.status_code, 200)
+ self.assertEqual(response.template_name, 'registration/logged_out.html')
+ self.assertEqual(response.request['PATH_INFO'], '/test_admin/admin/logout/')
+
+ # we are now logged out
+ response = self.client.get('/test_admin/admin/logout/')
+ self.assertEqual(response.status_code, 302) # we should be redirected to the login page.
+
+ # follow the redirect and test results.
+ response = self.client.get('/test_admin/admin/logout/', follow=True)
+ self.assertEqual(response.status_code, 200)
+ self.assertEqual(response.template_name, 'admin/login.html')
+ self.assertEqual(response.request['PATH_INFO'], '/test_admin/admin/')
+ self.assertContains(response, '')
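Review bot: `test_client_logout_url_can_be_used_to_login` stops once the login form is rendered at the index and never submits credentials, so the behaviour named in the commit title (logging in from the logout page without being logged out again) is not asserted. I would extend it with a POST of the login form followed by a further admin request that must still be authenticated. The bare `302` check also accepts any redirect target, and its comment says "login page" while the new code redirects to the index; `self.assertTrue(response['Location'].endswith('/test_admin/admin/'))` would tie the assertion to the new branch.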