innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME. 

Regression in ba31b01034.
This commit is contained in:
Slava Skvortsov 2021-05-17 13:21:50 +02:00 committed by Mariusz Felisiak
parent de32fe83a2
commit f7691d4812
3 changed files with 41 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
django/contrib/admin/sites.py
View File

@ -420,14 +420,13 @@ class AdminSite:
def catch_all_view(self, request, url): def catch_all_view(self, request, url):
if settings.APPEND_SLASH and not url.endswith('/'): if settings.APPEND_SLASH and not url.endswith('/'):
urlconf = getattr(request, 'urlconf', None) urlconf = getattr(request, 'urlconf', None)
path = '%s/' % request.path_info
try: try:
match = resolve(path, urlconf) match = resolve('%s/' % request.path_info, urlconf)
except Resolver404: except Resolver404:
pass pass
else: else:
if getattr(match.func, 'should_append_slash', True): if getattr(match.func, 'should_append_slash', True):
return HttpResponsePermanentRedirect(path) return HttpResponsePermanentRedirect('%s/' % request.path)
raise Http404 raise Http404
def _build_app_dict(self, request, label=None): def _build_app_dict(self, request, label=None):

4
docs/releases/3.2.4.txt
View File

@ -9,4 +9,6 @@ Django 3.2.4 fixes several bugs in 3.2.3.
Bugfixes Bugfixes
======== ========
* ... * Fixed a bug in Django 3.2 where a final catch-all view in the admin didn't
respect the server-provided value of ``SCRIPT_NAME`` when redirecting
unauthenticated users to the login page (:ticket:`32754`).

36
tests/admin_views/tests.py
View File

@ -6602,6 +6602,42 @@ class AdminSiteFinalCatchAllPatternTests(TestCase):
response = self.client.get(known_url[:-1]) response = self.client.get(known_url[:-1])
self.assertRedirects(response, known_url, status_code=301, target_status_code=403) self.assertRedirects(response, known_url, status_code=301, target_status_code=403)
@override_settings(APPEND_SLASH=True)
def test_missing_slash_append_slash_true_script_name(self):
superuser = User.objects.create_user(
username='staff',
password='secret',
email='staff@example.com',
is_staff=True,
)
self.client.force_login(superuser)
known_url = reverse('admin:admin_views_article_changelist')
response = self.client.get(known_url[:-1], SCRIPT_NAME='/prefix/')
self.assertRedirects(
response,
'/prefix' + known_url,
status_code=301,
fetch_redirect_response=False,
)
@override_settings(APPEND_SLASH=True, FORCE_SCRIPT_NAME='/prefix/')
def test_missing_slash_append_slash_true_force_script_name(self):
superuser = User.objects.create_user(
username='staff',
password='secret',
email='staff@example.com',
is_staff=True,
)
self.client.force_login(superuser)
known_url = reverse('admin:admin_views_article_changelist')
response = self.client.get(known_url[:-1])
self.assertRedirects(
response,
'/prefix' + known_url,
status_code=301,
fetch_redirect_response=False,
)
@override_settings(APPEND_SLASH=True) @override_settings(APPEND_SLASH=True)
def test_missing_slash_append_slash_true_non_staff_user(self): def test_missing_slash_append_slash_true_non_staff_user(self):
user = User.objects.create_user( user = User.objects.create_user(