From 22d82a7742c3b091857fda8612273360459110ee Mon Sep 17 00:00:00 2001 From: Preston Holmes Date: Sat, 23 Feb 2013 15:25:05 -0800 Subject: [PATCH] Fixed #15198 -- pass request to AuthenticationForm Thanks to Ciantic for the report, claudep and slurms for initial work --- django/contrib/auth/forms.py | 6 ++---- django/contrib/auth/tests/urls.py | 14 ++++++++++++-- django/contrib/auth/tests/views.py | 8 ++++++++ django/contrib/auth/views.py | 2 +- 4 files changed, 23 insertions(+), 7 deletions(-) diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py index f3ad655c65..42abde2f19 100644 --- a/django/contrib/auth/forms.py +++ b/django/contrib/auth/forms.py @@ -160,10 +160,8 @@ class AuthenticationForm(forms.Form): def __init__(self, request=None, *args, **kwargs): """ - If request is passed in, the form will validate that cookies are - enabled. Note that the request (a HttpRequest object) must have set a - cookie with the key TEST_COOKIE_NAME and value TEST_COOKIE_VALUE before - running this validation. + The 'request' parameter is set for custom auth use by subclasses. + The form data comes in via the standard 'data' kwarg. """ self.request = request self.user_cache = None diff --git a/django/contrib/auth/tests/urls.py b/django/contrib/auth/tests/urls.py index 4b498ceaf0..51b05be648 100644 --- a/django/contrib/auth/tests/urls.py +++ b/django/contrib/auth/tests/urls.py @@ -1,14 +1,20 @@ from django.conf.urls import patterns, url from django.contrib.auth import context_processors +from django.contrib.auth.forms import AuthenticationForm from django.contrib.auth.urls import urlpatterns -from django.contrib.auth.views import password_reset +from django.contrib.auth.views import password_reset, login from django.contrib.auth.decorators import login_required from django.contrib.messages.api import info -from django.http import HttpResponse +from django.http import HttpResponse, HttpRequest from django.shortcuts import render_to_response from django.template import Template, RequestContext from django.views.decorators.cache import never_cache +class CustomRequestAuthenticationForm(AuthenticationForm): + def __init__(self, request, *args, **kwargs): + assert isinstance(request, HttpRequest) + super(CustomRequestAuthenticationForm, self).__init__(request, *args, **kwargs) + @never_cache def remote_user_auth_view(request): "Dummy view for remote user tests" @@ -49,6 +55,9 @@ def auth_processor_messages(request): def userpage(request): pass +def custom_request_auth_login(request): + return login(request, authentication_form=CustomRequestAuthenticationForm) + # special urls for auth test cases urlpatterns = urlpatterns + patterns('', (r'^logout/custom_query/$', 'django.contrib.auth.views.logout', dict(redirect_field_name='follow')), @@ -65,6 +74,7 @@ urlpatterns = urlpatterns + patterns('', (r'^auth_processor_perms/$', auth_processor_perms), (r'^auth_processor_perm_in_perms/$', auth_processor_perm_in_perms), (r'^auth_processor_messages/$', auth_processor_messages), + (r'^custom_request_auth_login/$', custom_request_auth_login), url(r'^userpage/(.+)/$', userpage, name="userpage"), ) diff --git a/django/contrib/auth/tests/views.py b/django/contrib/auth/tests/views.py index b41c7198f5..ee1b18d038 100644 --- a/django/contrib/auth/tests/views.py +++ b/django/contrib/auth/tests/views.py @@ -365,6 +365,14 @@ class LoginTest(AuthViewsTestCase): self.assertTrue(good_url in response.url, "%s should be allowed" % good_url) + def test_login_form_contains_request(self): + # 15198 + response = self.client.post('/custom_requestauth_login/', { + 'username': 'testclient', + 'password': 'password', + }, follow=True) + # the custom authentication form used by this login asserts + # that a request is passed to the form successfully. @skipIfCustomUser class LoginURLSettings(AuthViewsTestCase): diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py index c9f53f1956..8a554b0ad8 100644 --- a/django/contrib/auth/views.py +++ b/django/contrib/auth/views.py @@ -35,7 +35,7 @@ def login(request, template_name='registration/login.html', redirect_to = request.REQUEST.get(redirect_field_name, '') if request.method == "POST": - form = authentication_form(data=request.POST) + form = authentication_form(request, data=request.POST) if form.is_valid(): # Ensure the user-originating redirection url is safe.