Removed superfluous cookie check from auth login.
Cookie support is already ensured by the CSRF protection of the view.
parent
b902a92b71
commit
9d2c0a0ae6
|
@ -33,5 +33,4 @@ class AdminAuthenticationForm(AuthenticationForm):
|
||||||
raise forms.ValidationError(message % {
|
raise forms.ValidationError(message % {
|
||||||
'username': self.username_field.verbose_name
|
'username': self.username_field.verbose_name
|
||||||
})
|
})
|
||||||
self.check_for_test_cookie()
|
|
||||||
return self.cleaned_data
|
return self.cleaned_data
|
||||||
|
|
|
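Review bot: With `self.check_for_test_cookie()` removed from `clean()`, nothing in this form records why no cookie check is needed. The commit message relies on the login view's CSRF protection, which is not visible in this hunk. A short comment before `return self.cleaned_data`, e.g. `# Cookie support is enforced by the CSRF check on the login view.`, would keep that dependency visible, and it is worth confirming that the admin login path is never CSRF-exempt. The same applies to `AuthenticationForm.clean()` in the `@ -189,12 +189,11 @` hunk. `clean()` starts outside this hunk.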
@ -1,5 +1,7 @@
|
||||||
from __future__ import unicode_literals
|
from __future__ import unicode_literals
|
||||||
|
|
||||||
|
import warnings
|
||||||
|
|
||||||
from django import forms
|
from django import forms
|
||||||
from django.forms.util import flatatt
|
from django.forms.util import flatatt
|
||||||
from django.template import loader
|
from django.template import loader
|
||||||
|
@ -153,8 +155,6 @@ class AuthenticationForm(forms.Form):
|
||||||
error_messages = {
|
error_messages = {
|
||||||
'invalid_login': _("Please enter a correct %(username)s and password. "
|
'invalid_login': _("Please enter a correct %(username)s and password. "
|
||||||
"Note that both fields may be case-sensitive."),
|
"Note that both fields may be case-sensitive."),
|
||||||
'no_cookies': _("Your Web browser doesn't appear to have cookies "
|
|
||||||
"enabled. Cookies are required for logging in."),
|
|
||||||
'inactive': _("This account is inactive."),
|
'inactive': _("This account is inactive."),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -189,12 +189,11 @@ class AuthenticationForm(forms.Form):
|
||||||
})
|
})
|
||||||
elif not self.user_cache.is_active:
|
elif not self.user_cache.is_active:
|
||||||
raise forms.ValidationError(self.error_messages['inactive'])
|
raise forms.ValidationError(self.error_messages['inactive'])
|
||||||
self.check_for_test_cookie()
|
|
||||||
return self.cleaned_data
|
return self.cleaned_data
|
||||||
|
|
||||||
def check_for_test_cookie(self):
|
def check_for_test_cookie(self):
|
||||||
if self.request and not self.request.session.test_cookie_worked():
|
warnings.warn("check_for_test_cookie is deprecated; ensure your login "
|
||||||
raise forms.ValidationError(self.error_messages['no_cookies'])
|
"view is CSRF-protected.", DeprecationWarning)
|
||||||
|
|
||||||
def get_user_id(self):
|
def get_user_id(self):
|
||||||
if self.user_cache:
|
if self.user_cache:
|
||||||
|
|
|
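Review bot: The new `warnings.warn(...)` call in `check_for_test_cookie` passes no `stacklevel`, so the warning is attributed to this method rather than to the subclass that calls it; ending the call with `"view is CSRF-protected.", DeprecationWarning, stacklevel=2)` would point at the caller. The same section removes the `'no_cookies'` entry from `error_messages`, so a subclass that still references `self.error_messages['no_cookies']` would hit a `KeyError` instead of a validation error. Keeping the key until the method itself is removed would avoid that. The method would also benefit from a one-line docstring saying it is a deprecated no-op kept only for backward compatibility. The class body continues outside the hunks.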
@ -45,15 +45,10 @@ def login(request, template_name='registration/login.html',
|
||||||
# Okay, security check complete. Log the user in.
|
# Okay, security check complete. Log the user in.
|
||||||
auth_login(request, form.get_user())
|
auth_login(request, form.get_user())
|
||||||
|
|
||||||
if request.session.test_cookie_worked():
|
|
||||||
request.session.delete_test_cookie()
|
|
||||||
|
|
||||||
return HttpResponseRedirect(redirect_to)
|
return HttpResponseRedirect(redirect_to)
|
||||||
else:
|
else:
|
||||||
form = authentication_form(request)
|
form = authentication_form(request)
|
||||||
|
|
||||||
request.session.set_test_cookie()
|
|
||||||
|
|
||||||
current_site = get_current_site(request)
|
current_site = get_current_site(request)
|
||||||
|
|
||||||
context = {
|
context = {
|
||||||
|
|
|
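Review bot: The view no longer calls `request.session.set_test_cookie()`, so a form passed as `authentication_form` that still calls `request.session.test_cookie_worked()` directly in its own `clean()` will presumably reject every login, because the test cookie is never set. The release note only mentions `check_for_test_cookie`; it should also tell such subclasses to drop direct test-cookie checks. The decorators on `login` are outside the hunk, so confirm that `csrf_protect` is applied there, since the removed check now depends on it.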
@ -320,6 +320,12 @@ these changes.
|
||||||
deprecated. Use the :class:`warnings.catch_warnings` context manager
|
deprecated. Use the :class:`warnings.catch_warnings` context manager
|
||||||
available starting with Python 2.6 instead.
|
available starting with Python 2.6 instead.
|
||||||
|
|
||||||
|
* The undocumented ``check_for_test_cookie`` method in
|
||||||
|
:class:`~django.contrib.auth.forms.AuthenticationForm` will be removed
|
||||||
|
following an accelerated deprecation. Users subclassing this form should
|
||||||
|
remove calls to this method, and instead ensure that their auth related views
|
||||||
|
are CSRF protected, which ensures that cookies are enabled.
|
||||||
|
|
||||||
1.8
|
1.8
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|