p15693087
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed #3185 -- Made values for login, logout and post-login redirect URLs 

configurable. This is a combined patch from Vasily Sulatskov, Marc Fargas and
Collin Grady.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@5072 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Malcolm Tredinnick 2007-04-25 08:49:57 +00:00
parent d744a660c4
commit 5dfe74f221
8 changed files with 65 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
django/conf/global_settings.py
View File

@ -312,6 +312,12 @@ BANNED_IPS = ()
AUTHENTICATION_BACKENDS = ('django.contrib.auth.backends.ModelBackend',)
LOGIN_URL = '/accounts/login/'
LOGOUT_URL = '/accounts/logout/'
LOGIN_REDIRECT_URL = '/accounts/profile/'
###########
# TESTING #
###########

1
django/contrib/auth/__init__.py
View File

@ -2,7 +2,6 @@ from django.core.exceptions import ImproperlyConfigured
SESSION_KEY = '_auth_user_id'
BACKEND_SESSION_KEY = '_auth_user_backend'
LOGIN_URL = '/accounts/login/'
REDIRECT_FIELD_NAME = 'next'
def load_backend(path):

9
django/contrib/auth/decorators.py
View File

@ -1,13 +1,16 @@
from django.contrib.auth import LOGIN_URL, REDIRECT_FIELD_NAME
from django.contrib.auth import REDIRECT_FIELD_NAME
from django.http import HttpResponseRedirect
from urllib import quote
def user_passes_test(test_func, login_url=LOGIN_URL):
def user_passes_test(test_func, login_url=None):
"""
Decorator for views that checks that the user passes the given test,
redirecting to the log-in page if necessary. The test should be a callable
that takes the user object and returns True if the user passes.
"""
if not login_url:
from django.conf import settings
login_url = settings.LOGIN_URL
def _dec(view_func):
def _checklogin(request, *args, **kwargs):
if test_func(request.user):
@ -27,7 +30,7 @@ login_required.__doc__ = (
"""
)
def permission_required(perm, login_url=LOGIN_URL):
def permission_required(perm, login_url=None):
"""
Decorator for views that checks whether a user has a particular permission
enabled, redirecting to the log-in page if necessary.

15
django/contrib/auth/views.py
View File

@ -6,7 +6,7 @@ from django.template import RequestContext
from django.contrib.sites.models import Site
from django.http import HttpResponseRedirect
from django.contrib.auth.decorators import login_required
from django.contrib.auth import LOGIN_URL, REDIRECT_FIELD_NAME
from django.contrib.auth import REDIRECT_FIELD_NAME
def login(request, template_name='registration/login.html'):
"Displays the login form and handles the login action."
@ -17,7 +17,8 @@ def login(request, template_name='registration/login.html'):
if not errors:
# Light security check -- make sure redirect_to isn't garbage.
if not redirect_to or '://' in redirect_to or ' ' in redirect_to:
redirect_to = '/accounts/profile/'
from django.conf import settings
redirect_to = settings.LOGIN_REDIRECT_URL
from django.contrib.auth import login
login(request, manipulator.get_user())
request.session.delete_test_cookie()
@ -41,12 +42,18 @@ def logout(request, next_page=None, template_name='registration/logged_out.html'
# Redirect to this page until the session has been cleared.
return HttpResponseRedirect(next_page or request.path)
def logout_then_login(request, login_url=LOGIN_URL):
def logout_then_login(request, login_url=None):
"Logs out the user if he is logged in. Then redirects to the log-in page."
if not login_url:
from django.conf import settings
login_url = settings.LOGIN_URL
return logout(request, login_url)
def redirect_to_login(next, login_url=LOGIN_URL):
def redirect_to_login(next, login_url=None):
"Redirects the user to the login page, passing the given 'next' page"
if not login_url:
from django.conf import settings
login_url = settings.LOGIN_URL
return HttpResponseRedirect('%s?%s=%s' % (login_url, REDIRECT_FIELD_NAME, next))
def password_reset(request, is_admin_site=False, template_name='registration/password_reset_form.html',

2
django/contrib/comments/templates/comments/form.html
View File

@ -3,7 +3,7 @@
<form {% if photos_optional or photos_required %}enctype="multipart/form-data" {% endif %}action="/comments/post/" method="post">
{% if user.is_authenticated %}
<p>{% trans "Username:" %} <strong>{{ user.username }}</strong> (<a href="/accounts/logout/">{% trans "Log out" %}</a>)</p>
<p>{% trans "Username:" %} <strong>{{ user.username }}</strong> (<a href="{{ logout_url }}">{% trans "Log out" %}</a>)</p>
{% else %}
<p><label for="id_username">{% trans "Username:" %}</label> <input type="text" name="username" id="id_username" /><br />{% trans "Password:" %} <input type="password" name="password" id="id_password" /> (<a href="/accounts/password_reset/">{% trans "Forgotten your password?" %}</a>)</p>
{% endif %}

2
django/contrib/comments/templatetags/comments.py
View File

@ -25,6 +25,7 @@ class CommentFormNode(template.Node):
self.is_public = is_public
def render(self, context):
from django.conf import settings
from django.utils.text import normalize_newlines
import base64
context.push()
@ -64,6 +65,7 @@ class CommentFormNode(template.Node):
if self.rating_options:
context['rating_range'], context['rating_choices'] = Comment.objects.get_rating_options(self.rating_options)
context['hash'] = Comment.objects.get_security_hash(context['options'], context['photo_options'], context['rating_options'], context['target'])
context['logout_url'] = settings.LOGOUT_URL
default_form = loader.get_template(COMMENT_FORM)
output = default_form.render(context)
context.pop()

23
docs/authentication.txt
View File

@ -387,14 +387,15 @@ introduced in Python 2.4::
``login_required`` does the following:
* If the user isn't logged in, redirect to ``/accounts/login/``, passing
the current absolute URL in the query string as ``next``. For example:
* If the user isn't logged in, redirect to ``settings.LOGIN_URL``
(``/accounts/login/`` by default), passing the current absolute URL
in the query string as ``next``. For example:
``/accounts/login/?next=/polls/3/``.
* If the user is logged in, execute the view normally. The view code is
free to assume the user is logged in.
Note that you'll need to map the appropriate Django view to ``/accounts/login/``.
To do this, add the following line to your URLconf::
Note that you'll need to map the appropriate Django view to ``settings.LOGIN_URL``.
For example, using the defaults, add the following line to your URLconf::
(r'^accounts/login/$', 'django.contrib.auth.views.login'),
@ -405,9 +406,9 @@ Here's what ``django.contrib.auth.views.login`` does:
* If called via ``POST``, it tries to log the user in. If login is
successful, the view redirects to the URL specified in ``next``. If
``next`` isn't provided, it redirects to ``/accounts/profile/`` (which is
currently hard-coded). If login isn't successful, it redisplays the login
form.
``next`` isn't provided, it redirects to ``settings.LOGIN_REDIRECT_URL``
(which defaults to ``/accounts/profile/``). If login isn't successful,
it redisplays the login form.
It's your responsibility to provide the login form in a template called
``registration/login.html`` by default. This template gets passed three
@ -487,7 +488,7 @@ Logs a user out, then redirects to the login page.
**Optional arguments:**
* ``login_url``: The URL of the login page to redirect to. This
will default to ``/accounts/login/`` if not supplied.
will default to ``settings.LOGIN_URL`` if not supplied.
``django.contrib.auth.views.password_change``
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@ -569,7 +570,7 @@ successful login.
**Optional arguments:**
* ``login_url``: The URL of the login page to redirect to. This
will default to ``/accounts/login/`` if not supplied.
will default to ``settings.LOGIN_URL`` if not supplied.
Built-in manipulators
---------------------
@ -636,7 +637,7 @@ Note that ``user_passes_test`` does not automatically check that the ``User``
is not anonymous.
``user_passes_test()`` takes an optional ``login_url`` argument, which lets you
specify the URL for your login page (``/accounts/login/`` by default).
specify the URL for your login page (``settings.LOGIN_URL`` by default).
Example in Python 2.3 syntax::
@ -680,7 +681,7 @@ parameter. Example::
my_view = permission_required('polls.can_vote', login_url='/loginpage/')(my_view)
As in the ``login_required`` decorator, ``login_url`` defaults to
``'/accounts/login/'``.
``settings.LOGIN_URL``.
Limiting access to generic views
--------------------------------

27
docs/settings.txt
View File

@ -562,6 +562,21 @@ strings for translation, but the translation won't happen at runtime -- so
you'll have to remember to wrap the languages in the *real* ``gettext()`` in
any code that uses ``LANGUAGES`` at runtime.
LOGIN_URL
---------
Default: ``'/accounts/login/'``
The URL where requests are redirected for login, specially when using the
`@login_required`_ decorator.
LOGOUT_URL
----------
Default: ``'/accounts/logout/'``
LOGIN_URL counterpart.
MANAGERS
--------
@ -620,6 +635,16 @@ locales have different formats. For example, U.S. English would say
See `allowed date format strings`_. See also DATE_FORMAT, DATETIME_FORMAT,
TIME_FORMAT and YEAR_MONTH_FORMAT.
LOGIN_REDIRECT_URL
------------------
Default: ``'/accounts/profile/'``
The URL where requests are redirected after login when the
``contrib.auth.login`` view gets no ``next`` parameter.
This is used by the `@login_required`_ decorator, for example.
PREPEND_WWW
-----------
@ -1012,6 +1037,8 @@ Also, it's an error to call ``configure()`` more than once, or to call
It boils down to this: Use exactly one of either ``configure()`` or
``DJANGO_SETTINGS_MODULE``. Not both, and not neither.
.. _@login_required: ../authentication/#the-login-required-decorator
Error reporting via e-mail
==========================