innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
30,679 Commits 25 Branches 361 Tags 501 MiB
Commit Graph

131 Commits

Author SHA1 Message Date
Aymeric Augustin 5fcd9b8c33 Unified LoginView/LogoutView.get_default_redirect_url() methods. 
This might change the behavior when self.next_page == "". However,
resolve_url(self.next_page) would almost certainly fail in that case.

It is technically possible to define a logout URLpattern whose name is
"": path('logout/', LogoutView.as_view(), name=''), and then to refer to
this pattern with next_page = "". However this feels like a pathological
case, so we decided not to handle it.

Most checks on next_page, LOGIN_REDIRECT_URL, and LOGOUT_REDIRECT_URL
are performed with boolean evaluation rather than comparison with None.
That's why we standardizing that way.
 2022-04-20 10:04:29 +02:00
Aymeric Augustin 5b8699e723 Renamed LogoutView.get_next_page() to get_success_url(). 
This aligns it with LoginView. Also, it removes confusion with the
get_next_page() method of paginators. get_next_page() was a private
API, therefore this refactoring is allowed.
 2022-04-20 10:04:29 +02:00
Aymeric Augustin 12576bd371 Refactored out RedirectURLMixin.get_redirect_url(). 
This also renames SuccessURLAllowedHostsMixin to RedirectURLMixin.

This doesn't change the behavior of LogoutView.get_next_page() because
next_page == "" implies url_is_safe == False before the refactoring.
 2022-04-20 10:04:29 +02:00
Aymeric Augustin 903702dfb1 Removed unnecessary default argument from GET.get() call in LoginView.get_redirect_url(). 
The default argument is unnecessary because
url_has_allowed_host_and_scheme() returns False when its first argument
is "" or None, so get_redirect_url() still returns "".

This also aligns LoginView.get_redirect_url() and LogoutView.get_next_page().
 2022-04-19 06:25:38 +02:00
Aymeric Augustin 5591a72571
Fixed #33648 -- Prevented extra redirect in LogoutView on invalid next page when LOGOUT_REDIRECT_URL is set. 2022-04-18 16:33:10 +02:00
René Fleschenberg eb07b5be0c Fixed #15619 -- Deprecated log out via GET requests. 
Thanks Florian Apolloner for the implementation idea.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
 2022-03-29 06:42:14 +02:00
django-bot 9c19aff7c7 Refs #33476 -- Reformatted code with Black. 2022-02-07 20:37:05 +01:00
Mariusz Felisiak 0a4a5e5bac
Refs #32681 -- Fixed VariableDoesNotExist when rendering some admin template. 
Regression in 84609b3205.

Follow up to 4e5bbb6ef2.

Thanks Sourav Kumar for the report.
 2022-01-13 10:10:48 +01:00
Mateo Radman 8a7ac78b70 Refs #32508 -- Raised ImproperlyConfigured/TypeError instead of using "assert" in various code. 2021-06-25 06:55:47 +02:00
ThinkChaos b99d6c9cbc Fixed #28216 -- Added next_page/get_default_redirect_url() to LoginView. 2021-02-08 21:08:05 +01:00
Carlton Gibson 4f61810751 Fixed #30747 -- Renamed is_safe_url() to url_has_allowed_host_and_scheme(). 2019-09-02 15:32:23 +02:00
Rob 58df8aa40f Fixed #28780 -- Allowed specyfing a token parameter displayed in password reset URLs. 
Co-authored-by: Tim Givois <tim.givois.mendez@gmail.com>
 2019-05-24 08:40:25 +02:00
Mattia Procopio aeb8c38178 Fixed #29206 -- Fixed PasswordResetConfirmView crash when the URL contains a non-UUID where one is expected. 2018-03-15 21:33:15 -04:00
Дилян Палаузов d7b2aa24f7 Fixed #28982 -- Simplified code with and/or. 2018-01-03 20:12:23 -05:00
Nick Pope d13a9e44de Fixed #28909 -- Simplified code using tuple/list/set/dict unpacking. 2017-12-11 07:08:45 -05:00
Tim Graham 6e40b70bf4 Refs #26929 -- Removed extra_context parameter of contrib.auth.views.logout_then_login(). 
Per deprecation timeline.
 2017-09-22 12:51:17 -04:00
Tim Graham 4f313e284e Refs #17209 -- Removed login/logout and password reset/change function-based views. 
Per deprecation timeline.
 2017-09-22 12:51:17 -04:00
ZachLiuGIS 2dacc2ccd9 Fixed #28550 -- Restored contrib.auth's login() and logout() views' respect of positional arguments. 
Regression in 78963495d0.

Forwardport of f8e0557b01 from stable/1.11.x
 2017-09-03 12:06:44 -04:00
hui shang c0f4c60edd Fixed #28513 -- Added POST request support to LogoutView. 2017-08-24 09:11:16 -04:00
Mikhail Golubev e7dc39fb65 Fixed #28229 -- Fixed the value of LoginView's "next" template variable. 2017-06-13 09:13:22 -04:00
Camilo Nova 5db465d5a6 Fixed #27891 -- Added PasswordResetConfirmView.post_reset_login_backend. 2017-03-07 19:52:26 -05:00
Claude Paroz 8346680e1c Refs #27795 -- Removed unneeded force_text calls 
Thanks Tim Graham for the review.
 2017-03-04 18:18:21 +01:00
Markus Holtermann b9b35f9efa
Fixed #27840 -- Fixed KeyError in PasswordResetConfirmView.form_valid(). 
When a user is already logged in when submitting the password and
password confirmation to reset a password, a KeyError occurred while
removing the reset session token from the session.

Refs #17209

Thanks Quentin Marlats for the report and Florian Apolloner and Tim
Graham for the review.
 2017-02-15 00:35:04 +01:00
Tim Graham 854f695014 Refs #27815 -- Reordered LoginView.get_form_kwargs(). 2017-02-07 10:15:43 -05:00
Zoltan Gyarmati 41ba27fefd Fixed #27815 -- Made LoginView pass the request kwarg to AuthenticationForm. 2017-02-07 08:54:21 -05:00
Claude Paroz c651331b34 Converted usage of ugettext* functions to their gettext* aliases 
Thanks Tim Graham for the review.
 2017-02-07 09:04:04 +01:00
Anton Samarchyan 5411821e3b Refs #27656 -- Updated django.contrib docstring verb style according to PEP 257. 2017-02-04 16:39:28 -05:00
Tim Graham 1c466994d9 Refs #23919 -- Removed misc Python 2/3 references. 2017-01-25 13:59:25 -05:00
chillaranand d6eaf7c018 Refs #23919 -- Replaced super(ClassName, self) with super(). 2017-01-25 12:23:46 -05:00
Simon Charette cecc079168 Refs #23919 -- Stopped inheriting from object to define new style classes. 2017-01-19 08:39:46 +01:00
Claude Paroz 2b281cc35e Refs #23919 -- Removed most of remaining six usage 
Thanks Tim Graham for the review.
 2017-01-18 21:33:28 +01:00
Tim Graham 9f9a3d643e Refs #24126 -- Removed auth views' current_app parameter per deprecation timeline. 2017-01-17 20:52:00 -05:00
Romain Garrigues ede59ef6f3 Fixed #27518 -- Prevented possibie password reset token leak via HTTP Referer header. 
Thanks Florian Apolloner for contributing to this patch and
Collin Anderson, Markus Holtermann, and Tim Graham for review.
 2017-01-13 09:17:54 -05:00
Aymeric Augustin cb7bbf97a7
Fixed #25966 -- Made get_user_model() work at import time. 
This makes it equivalent to: `from django.contrib.auth.models import User`.

Thanks Aymeric Augustin for the initial patch and Tim Graham for the
review.
 2016-11-25 14:15:49 +01:00
Florian Apolloner 51eaff6d35 Refs #17209 -- Fixed token verification for PasswordResetConfirmView POST requests. 2016-11-21 13:42:25 -05:00
Jon Dufresne 66e1ebbffc Fixed #26956 -- Added success_url_allowed_hosts to LoginView and LogoutView. 
Allows specifying additional hosts to redirect after login and log out.
 2016-09-07 19:56:25 -07:00
Jon Dufresne f227b8d15d Refs #26956 -- Allowed is_safe_url() to validate against multiple hosts 2016-09-07 19:56:25 -07:00
Przemysław Suliga 549b90fab3 Refs #26902 -- Protected against insecure redirects in Login/LogoutView. 2016-08-19 19:01:01 -04:00
jordij 0814566bf1 Fixed #26960 -- Added PasswordResetConfirmView option to automatically log in after a reset. 2016-08-10 10:23:16 -04:00
Andrew Nester 0ba179194b Fixed #26929 -- Deprecated extra_context parameter of contrib.auth.views.logout_then_login(). 2016-07-28 11:57:02 -04:00
Andrew Nester dde6288fbe Fixed #26882 -- Added tests for auth.views.logout_then_login(). 2016-07-22 15:04:13 -04:00
Claude Paroz 255fb99284 Fixed #17209 -- Added password reset/change class-based views 
Thanks Tim Graham for the review.
 2016-07-16 10:36:12 +02:00
Claude Paroz 78963495d0 Refs #17209 -- Added LoginView and LogoutView class-based views 
Thanks Tim Graham for the review.
 2016-06-24 10:45:13 +02:00
Jeremy Lainé c1aec0feda Fixed #25847 -- Made User.is_(anonymous|authenticated) properties. 2016-04-09 14:54:18 -04:00
Olivier Le Thanh Duong 10781b4c6f Fixed #12233 -- Allowed redirecting authenticated users away from the login view. 
contrib.auth.views.login() has a new parameter `redirect_authenticated_user`
to automatically redirect authenticated users visiting the login page.

Thanks to dmathieu and Alex Buchanan for the original code and to Carl Meyer
for the help and review.
 2016-02-25 07:18:33 -05:00
Hugo Osvaldo Barrera dcee1dfc79 Fixed #12405 -- Added LOGOUT_REDIRECT_URL setting. 
After a user logs out via auth.views.logout(), they're redirected
to LOGOUT_REDIRECT_URL if no `next_page` argument is provided.
 2016-02-04 10:35:37 -05:00
Marten Kenbeek 16411b8400 Fixed #26013 -- Moved django.core.urlresolvers to django.urls. 
Thanks to Tim Graham for the review.
 2015-12-31 14:21:29 -05:00
Kaleb Elwert adcf823359 Fixed #25490 -- Made the logout() view send "no-cache" headers. 2015-10-02 12:29:54 -04:00
Tim Graham 849037af36 Refs #23957 -- Required session verification per deprecation timeline. 2015-09-23 19:31:10 -04:00
Tim Graham f1761e3fef Refs #21648 -- Removed is_admin_site option from password_reset() view. 
Per deprecation timeline.
 2015-09-23 19:31:10 -04:00