Refs #15619 -- Logged out with POST requests in admin.
This commit is contained in:
parent
1b695fbbc2
commit
94d8ed55fa
django/contrib/admin
static/admin/css
templates
docs/releases
tests
|
@ -878,7 +878,7 @@ a.deletelink:focus, a.deletelink:hover {
|
||||||
overflow: hidden;
|
overflow: hidden;
|
||||||
}
|
}
|
||||||
|
|
||||||
#header a:link, #header a:visited {
|
#header a:link, #header a:visited, #logout-form button {
|
||||||
color: var(--header-link-color);
|
color: var(--header-link-color);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -914,22 +914,37 @@ a.deletelink:focus, a.deletelink:hover {
|
||||||
text-decoration: none;
|
text-decoration: none;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#logout-form {
|
||||||
|
display: inline;
|
||||||
|
}
|
||||||
|
|
||||||
|
#logout-form button {
|
||||||
|
background: none;
|
||||||
|
border: 0;
|
||||||
|
cursor: pointer;
|
||||||
|
font-family: "Roboto","Lucida Grande","DejaVu Sans","Bitstream Vera Sans",Verdana,Arial,sans-serif;
|
||||||
|
}
|
||||||
|
|
||||||
#user-tools {
|
#user-tools {
|
||||||
float: right;
|
float: right;
|
||||||
padding: 0;
|
|
||||||
margin: 0 0 0 20px;
|
margin: 0 0 0 20px;
|
||||||
|
text-align: right;
|
||||||
|
}
|
||||||
|
|
||||||
|
#user-tools, #logout-form button{
|
||||||
|
padding: 0;
|
||||||
font-weight: 300;
|
font-weight: 300;
|
||||||
font-size: 0.6875rem;
|
font-size: 0.6875rem;
|
||||||
letter-spacing: 0.5px;
|
letter-spacing: 0.5px;
|
||||||
text-transform: uppercase;
|
text-transform: uppercase;
|
||||||
text-align: right;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#user-tools a {
|
#user-tools a, #logout-form button {
|
||||||
border-bottom: 1px solid rgba(255, 255, 255, 0.25);
|
border-bottom: 1px solid rgba(255, 255, 255, 0.25);
|
||||||
}
|
}
|
||||||
|
|
||||||
#user-tools a:focus, #user-tools a:hover {
|
#user-tools a:focus, #user-tools a:hover,
|
||||||
|
#logout-form button:active, #logout-form button:hover {
|
||||||
text-decoration: none;
|
text-decoration: none;
|
||||||
border-bottom-color: var(--primary);
|
border-bottom-color: var(--primary);
|
||||||
color: var(--primary);
|
color: var(--primary);
|
||||||
|
|
|
@ -55,7 +55,10 @@
|
||||||
{% if user.has_usable_password %}
|
{% if user.has_usable_password %}
|
||||||
<a href="{% url 'admin:password_change' %}">{% translate 'Change password' %}</a> /
|
<a href="{% url 'admin:password_change' %}">{% translate 'Change password' %}</a> /
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<a href="{% url 'admin:logout' %}">{% translate 'Log out' %}</a>
|
<form id="logout-form" method="post" action="{% url 'admin:logout' %}">
|
||||||
|
{% csrf_token %}
|
||||||
|
<button type="submit">{% translate 'Log out' %}</button>
|
||||||
|
</form>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
</div>
|
</div>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
@ -1,6 +1,12 @@
|
||||||
{% extends "admin/base_site.html" %}
|
{% extends "admin/base_site.html" %}
|
||||||
{% load i18n %}
|
{% load i18n %}
|
||||||
{% block userlinks %}{% url 'django-admindocs-docroot' as docsroot %}{% if docsroot %}<a href="{{ docsroot }}">{% translate 'Documentation' %}</a> / {% endif %}{% translate 'Change password' %} / <a href="{% url 'admin:logout' %}">{% translate 'Log out' %}</a>{% endblock %}
|
{% block userlinks %}
|
||||||
|
{% url 'django-admindocs-docroot' as docsroot %}{% if docsroot %}<a href="{{ docsroot }}">{% translate 'Documentation' %}</a> / {% endif %}{% translate 'Change password' %} /
|
||||||
|
<form id="logout-form" method="post" action="{% url 'admin:logout' %}">
|
||||||
|
{% csrf_token %}
|
||||||
|
<button type="submit">{% translate 'Log out' %}</button>
|
||||||
|
</form>
|
||||||
|
{% endblock %}
|
||||||
{% block breadcrumbs %}
|
{% block breadcrumbs %}
|
||||||
<div class="breadcrumbs">
|
<div class="breadcrumbs">
|
||||||
<a href="{% url 'admin:index' %}">{% translate 'Home' %}</a>
|
<a href="{% url 'admin:index' %}">{% translate 'Home' %}</a>
|
||||||
|
|
|
@ -1,7 +1,13 @@
|
||||||
{% extends "admin/base_site.html" %}
|
{% extends "admin/base_site.html" %}
|
||||||
{% load i18n static %}
|
{% load i18n static %}
|
||||||
{% block extrastyle %}{{ block.super }}<link rel="stylesheet" href="{% static "admin/css/forms.css" %}">{% endblock %}
|
{% block extrastyle %}{{ block.super }}<link rel="stylesheet" href="{% static "admin/css/forms.css" %}">{% endblock %}
|
||||||
{% block userlinks %}{% url 'django-admindocs-docroot' as docsroot %}{% if docsroot %}<a href="{{ docsroot }}">{% translate 'Documentation' %}</a> / {% endif %} {% translate 'Change password' %} / <a href="{% url 'admin:logout' %}">{% translate 'Log out' %}</a>{% endblock %}
|
{% block userlinks %}
|
||||||
|
{% url 'django-admindocs-docroot' as docsroot %}{% if docsroot %}<a href="{{ docsroot }}">{% translate 'Documentation' %}</a> / {% endif %} {% translate 'Change password' %} /
|
||||||
|
<form id="logout-form" method="post" action="{% url 'admin:logout' %}">
|
||||||
|
{% csrf_token %}
|
||||||
|
<button type="submit">{% translate 'Log out' %}</button>
|
||||||
|
</form>
|
||||||
|
{% endblock %}
|
||||||
{% block breadcrumbs %}
|
{% block breadcrumbs %}
|
||||||
<div class="breadcrumbs">
|
<div class="breadcrumbs">
|
||||||
<a href="{% url 'admin:index' %}">{% translate 'Home' %}</a>
|
<a href="{% url 'admin:index' %}">{% translate 'Home' %}</a>
|
||||||
|
|
|
@ -436,6 +436,8 @@ Miscellaneous
|
||||||
* The ``size`` argument of the undocumented
|
* The ``size`` argument of the undocumented
|
||||||
``django.views.static.was_modified_since()`` function is removed.
|
``django.views.static.was_modified_since()`` function is removed.
|
||||||
|
|
||||||
|
* The admin log out UI now uses ``POST`` requests.
|
||||||
|
|
||||||
.. _deprecated-features-4.1:
|
.. _deprecated-features-4.1:
|
||||||
|
|
||||||
Features deprecated in 4.1
|
Features deprecated in 4.1
|
||||||
|
|
|
@ -911,7 +911,11 @@ class AdminViewBasicTest(AdminViewBasicTestCase):
|
||||||
|
|
||||||
def test_logout_and_password_change_URLs(self):
|
def test_logout_and_password_change_URLs(self):
|
||||||
response = self.client.get(reverse("admin:admin_views_article_changelist"))
|
response = self.client.get(reverse("admin:admin_views_article_changelist"))
|
||||||
self.assertContains(response, '<a href="%s">' % reverse("admin:logout"))
|
self.assertContains(
|
||||||
|
response,
|
||||||
|
'<form id="logout-form" method="post" action="%s">'
|
||||||
|
% reverse("admin:logout"),
|
||||||
|
)
|
||||||
self.assertContains(
|
self.assertContains(
|
||||||
response, '<a href="%s">' % reverse("admin:password_change")
|
response, '<a href="%s">' % reverse("admin:password_change")
|
||||||
)
|
)
|
||||||
|
@ -1411,14 +1415,15 @@ class AdminViewBasicTest(AdminViewBasicTestCase):
|
||||||
reverse("admin:app_list", args=("admin_views",)),
|
reverse("admin:app_list", args=("admin_views",)),
|
||||||
reverse("admin:admin_views_article_delete", args=(self.a1.pk,)),
|
reverse("admin:admin_views_article_delete", args=(self.a1.pk,)),
|
||||||
reverse("admin:admin_views_article_history", args=(self.a1.pk,)),
|
reverse("admin:admin_views_article_history", args=(self.a1.pk,)),
|
||||||
# Login must be after logout.
|
|
||||||
reverse("admin:logout"),
|
|
||||||
reverse("admin:login"),
|
|
||||||
]
|
]
|
||||||
for url in tests:
|
for url in tests:
|
||||||
with self.subTest(url=url):
|
with self.subTest(url=url):
|
||||||
with self.assertNoLogs("django.template", "DEBUG"):
|
with self.assertNoLogs("django.template", "DEBUG"):
|
||||||
self.client.get(url)
|
self.client.get(url)
|
||||||
|
# Login must be after logout.
|
||||||
|
with self.assertNoLogs("django.template", "DEBUG"):
|
||||||
|
self.client.post(reverse("admin:logout"))
|
||||||
|
self.client.get(reverse("admin:login"))
|
||||||
|
|
||||||
def test_render_delete_selected_confirmation_no_subtitle(self):
|
def test_render_delete_selected_confirmation_no_subtitle(self):
|
||||||
post_data = {
|
post_data = {
|
||||||
|
@ -1833,7 +1838,7 @@ class CustomModelAdminTest(AdminViewBasicTestCase):
|
||||||
self.assertContains(response, "Hello from a custom login template")
|
self.assertContains(response, "Hello from a custom login template")
|
||||||
|
|
||||||
def test_custom_admin_site_logout_template(self):
|
def test_custom_admin_site_logout_template(self):
|
||||||
response = self.client.get(reverse("admin2:logout"))
|
response = self.client.post(reverse("admin2:logout"))
|
||||||
self.assertIsInstance(response, TemplateResponse)
|
self.assertIsInstance(response, TemplateResponse)
|
||||||
self.assertTemplateUsed(response, "custom_admin/logout.html")
|
self.assertTemplateUsed(response, "custom_admin/logout.html")
|
||||||
self.assertContains(response, "Hello from a custom logout template")
|
self.assertContains(response, "Hello from a custom logout template")
|
||||||
|
@ -2050,7 +2055,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
login = self.client.post(login_url, self.super_login)
|
login = self.client.post(login_url, self.super_login)
|
||||||
self.assertRedirects(login, self.index_url)
|
self.assertRedirects(login, self.index_url)
|
||||||
self.assertFalse(login.context)
|
self.assertFalse(login.context)
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
# Test if user enters email address
|
# Test if user enters email address
|
||||||
response = self.client.get(self.index_url)
|
response = self.client.get(self.index_url)
|
||||||
|
@ -2072,7 +2077,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
login = self.client.post(login_url, self.viewuser_login)
|
login = self.client.post(login_url, self.viewuser_login)
|
||||||
self.assertRedirects(login, self.index_url)
|
self.assertRedirects(login, self.index_url)
|
||||||
self.assertFalse(login.context)
|
self.assertFalse(login.context)
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
# Add User
|
# Add User
|
||||||
response = self.client.get(self.index_url)
|
response = self.client.get(self.index_url)
|
||||||
|
@ -2080,7 +2085,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
login = self.client.post(login_url, self.adduser_login)
|
login = self.client.post(login_url, self.adduser_login)
|
||||||
self.assertRedirects(login, self.index_url)
|
self.assertRedirects(login, self.index_url)
|
||||||
self.assertFalse(login.context)
|
self.assertFalse(login.context)
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
# Change User
|
# Change User
|
||||||
response = self.client.get(self.index_url)
|
response = self.client.get(self.index_url)
|
||||||
|
@ -2088,7 +2093,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
login = self.client.post(login_url, self.changeuser_login)
|
login = self.client.post(login_url, self.changeuser_login)
|
||||||
self.assertRedirects(login, self.index_url)
|
self.assertRedirects(login, self.index_url)
|
||||||
self.assertFalse(login.context)
|
self.assertFalse(login.context)
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
# Delete User
|
# Delete User
|
||||||
response = self.client.get(self.index_url)
|
response = self.client.get(self.index_url)
|
||||||
|
@ -2096,7 +2101,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
login = self.client.post(login_url, self.deleteuser_login)
|
login = self.client.post(login_url, self.deleteuser_login)
|
||||||
self.assertRedirects(login, self.index_url)
|
self.assertRedirects(login, self.index_url)
|
||||||
self.assertFalse(login.context)
|
self.assertFalse(login.context)
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
# Regular User should not be able to login.
|
# Regular User should not be able to login.
|
||||||
response = self.client.get(self.index_url)
|
response = self.client.get(self.index_url)
|
||||||
|
@ -2137,7 +2142,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
)
|
)
|
||||||
self.assertRedirects(login, reverse("has_permission_admin:index"))
|
self.assertRedirects(login, reverse("has_permission_admin:index"))
|
||||||
self.assertFalse(login.context)
|
self.assertFalse(login.context)
|
||||||
self.client.get(reverse("has_permission_admin:logout"))
|
self.client.post(reverse("has_permission_admin:logout"))
|
||||||
|
|
||||||
# Staff should be able to login.
|
# Staff should be able to login.
|
||||||
response = self.client.get(reverse("has_permission_admin:index"))
|
response = self.client.get(reverse("has_permission_admin:index"))
|
||||||
|
@ -2152,7 +2157,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
)
|
)
|
||||||
self.assertRedirects(login, reverse("has_permission_admin:index"))
|
self.assertRedirects(login, reverse("has_permission_admin:index"))
|
||||||
self.assertFalse(login.context)
|
self.assertFalse(login.context)
|
||||||
self.client.get(reverse("has_permission_admin:logout"))
|
self.client.post(reverse("has_permission_admin:logout"))
|
||||||
|
|
||||||
def test_login_successfully_redirects_to_original_URL(self):
|
def test_login_successfully_redirects_to_original_URL(self):
|
||||||
response = self.client.get(self.index_url)
|
response = self.client.get(self.index_url)
|
||||||
|
@ -2192,7 +2197,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
login = self.client.post(login_url, self.super_login)
|
login = self.client.post(login_url, self.super_login)
|
||||||
self.assertRedirects(login, self.index_url)
|
self.assertRedirects(login, self.index_url)
|
||||||
self.assertFalse(login.context)
|
self.assertFalse(login.context)
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
def test_login_page_notice_for_non_staff_users(self):
|
def test_login_page_notice_for_non_staff_users(self):
|
||||||
"""
|
"""
|
||||||
|
@ -2234,7 +2239,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
post = self.client.post(reverse("admin:admin_views_article_add"), add_dict)
|
post = self.client.post(reverse("admin:admin_views_article_add"), add_dict)
|
||||||
self.assertEqual(post.status_code, 403)
|
self.assertEqual(post.status_code, 403)
|
||||||
self.assertEqual(Article.objects.count(), 3)
|
self.assertEqual(Article.objects.count(), 3)
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
# View User should not have access to add articles
|
# View User should not have access to add articles
|
||||||
self.client.force_login(self.viewuser)
|
self.client.force_login(self.viewuser)
|
||||||
|
@ -2268,7 +2273,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
'<li class="success">The article “Døm ikke” was added successfully.</li>',
|
'<li class="success">The article “Døm ikke” was added successfully.</li>',
|
||||||
)
|
)
|
||||||
article.delete()
|
article.delete()
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
# Add user may login and POST to add view, then redirect to admin root
|
# Add user may login and POST to add view, then redirect to admin root
|
||||||
self.client.force_login(self.adduser)
|
self.client.force_login(self.adduser)
|
||||||
|
@ -2289,7 +2294,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
self.assertEqual(Article.objects.count(), 4)
|
self.assertEqual(Article.objects.count(), 4)
|
||||||
self.assertEqual(len(mail.outbox), 2)
|
self.assertEqual(len(mail.outbox), 2)
|
||||||
self.assertEqual(mail.outbox[0].subject, "Greetings from a created object")
|
self.assertEqual(mail.outbox[0].subject, "Greetings from a created object")
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
# The addition was logged correctly
|
# The addition was logged correctly
|
||||||
addition_log = LogEntry.objects.all()[0]
|
addition_log = LogEntry.objects.all()[0]
|
||||||
|
@ -2316,7 +2321,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
post = self.client.post(reverse("admin:admin_views_article_add"), add_dict)
|
post = self.client.post(reverse("admin:admin_views_article_add"), add_dict)
|
||||||
self.assertRedirects(post, reverse("admin:admin_views_article_changelist"))
|
self.assertRedirects(post, reverse("admin:admin_views_article_changelist"))
|
||||||
self.assertEqual(Article.objects.count(), 5)
|
self.assertEqual(Article.objects.count(), 5)
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
# 8509 - if a normal user is already logged in, it is possible
|
# 8509 - if a normal user is already logged in, it is possible
|
||||||
# to change user into the superuser without error
|
# to change user into the superuser without error
|
||||||
|
@ -2371,7 +2376,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
self.assertEqual(response.status_code, 403)
|
self.assertEqual(response.status_code, 403)
|
||||||
post = self.client.post(article_change_url, change_dict)
|
post = self.client.post(article_change_url, change_dict)
|
||||||
self.assertEqual(post.status_code, 403)
|
self.assertEqual(post.status_code, 403)
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
# view user can view articles but not make changes.
|
# view user can view articles but not make changes.
|
||||||
self.client.force_login(self.viewuser)
|
self.client.force_login(self.viewuser)
|
||||||
|
@ -2397,7 +2402,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
Article.objects.get(pk=self.a1.pk).content, "<p>Middle content</p>"
|
Article.objects.get(pk=self.a1.pk).content, "<p>Middle content</p>"
|
||||||
)
|
)
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
# change user can view all items and edit them
|
# change user can view all items and edit them
|
||||||
self.client.force_login(self.changeuser)
|
self.client.force_login(self.changeuser)
|
||||||
|
@ -2443,7 +2448,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
"errors"
|
"errors"
|
||||||
),
|
),
|
||||||
)
|
)
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
# Test redirection when using row-level change permissions. Refs #11513.
|
# Test redirection when using row-level change permissions. Refs #11513.
|
||||||
r1 = RowLevelChangePermissionModel.objects.create(id=1, name="odd id")
|
r1 = RowLevelChangePermissionModel.objects.create(id=1, name="odd id")
|
||||||
|
@ -2502,7 +2507,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
)
|
)
|
||||||
self.assertRedirects(response, self.index_url)
|
self.assertRedirects(response, self.index_url)
|
||||||
|
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
for login_user in [self.joepublicuser, self.nostaffuser]:
|
for login_user in [self.joepublicuser, self.nostaffuser]:
|
||||||
with self.subTest(login_user.username):
|
with self.subTest(login_user.username):
|
||||||
|
@ -2525,7 +2530,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
RowLevelChangePermissionModel.objects.get(id=2).name, "changed"
|
RowLevelChangePermissionModel.objects.get(id=2).name, "changed"
|
||||||
)
|
)
|
||||||
self.assertContains(response, "login-form")
|
self.assertContains(response, "login-form")
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
def test_change_view_without_object_change_permission(self):
|
def test_change_view_without_object_change_permission(self):
|
||||||
"""
|
"""
|
||||||
|
@ -2785,7 +2790,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
reverse("admin:admin_views_article_history", args=(self.a1.pk,))
|
reverse("admin:admin_views_article_history", args=(self.a1.pk,))
|
||||||
)
|
)
|
||||||
self.assertEqual(response.status_code, 403)
|
self.assertEqual(response.status_code, 403)
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
# view user can view all items
|
# view user can view all items
|
||||||
self.client.force_login(self.viewuser)
|
self.client.force_login(self.viewuser)
|
||||||
|
@ -2793,7 +2798,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
reverse("admin:admin_views_article_history", args=(self.a1.pk,))
|
reverse("admin:admin_views_article_history", args=(self.a1.pk,))
|
||||||
)
|
)
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
# change user can view all items and edit them
|
# change user can view all items and edit them
|
||||||
self.client.force_login(self.changeuser)
|
self.client.force_login(self.changeuser)
|
||||||
|
@ -2829,7 +2834,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
response = self.client.get(url)
|
response = self.client.get(url)
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
|
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
for login_user in [self.joepublicuser, self.nostaffuser]:
|
for login_user in [self.joepublicuser, self.nostaffuser]:
|
||||||
with self.subTest(login_user.username):
|
with self.subTest(login_user.username):
|
||||||
|
@ -2847,7 +2852,7 @@ class AdminViewPermissionsTest(TestCase):
|
||||||
response = self.client.get(url, follow=True)
|
response = self.client.get(url, follow=True)
|
||||||
self.assertContains(response, "login-form")
|
self.assertContains(response, "login-form")
|
||||||
|
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
def test_history_view_bad_url(self):
|
def test_history_view_bad_url(self):
|
||||||
self.client.force_login(self.changeuser)
|
self.client.force_login(self.changeuser)
|
||||||
|
@ -3229,7 +3234,7 @@ class AdminViewsNoUrlTest(TestCase):
|
||||||
r = self.client.get(reverse("admin:index"))
|
r = self.client.get(reverse("admin:index"))
|
||||||
# we shouldn't get a 500 error caused by a NoReverseMatch
|
# we shouldn't get a 500 error caused by a NoReverseMatch
|
||||||
self.assertEqual(r.status_code, 200)
|
self.assertEqual(r.status_code, 200)
|
||||||
self.client.get(reverse("admin:logout"))
|
self.client.post(reverse("admin:logout"))
|
||||||
|
|
||||||
|
|
||||||
@skipUnlessDBFeature("can_defer_constraint_checks")
|
@skipUnlessDBFeature("can_defer_constraint_checks")
|
||||||
|
@ -3933,10 +3938,10 @@ class AdminViewListEditable(TestCase):
|
||||||
# 4 action inputs (3 regular checkboxes, 1 checkbox to select all)
|
# 4 action inputs (3 regular checkboxes, 1 checkbox to select all)
|
||||||
# main form submit button = 1
|
# main form submit button = 1
|
||||||
# search field and search submit button = 2
|
# search field and search submit button = 2
|
||||||
# CSRF field = 1
|
# CSRF field = 2
|
||||||
# field to track 'select all' across paginated views = 1
|
# field to track 'select all' across paginated views = 1
|
||||||
# 6 + 4 + 4 + 1 + 2 + 1 + 1 = 19 inputs
|
# 6 + 4 + 4 + 1 + 2 + 2 + 1 = 20 inputs
|
||||||
self.assertContains(response, "<input", count=20)
|
self.assertContains(response, "<input", count=21)
|
||||||
# 1 select per object = 3 selects
|
# 1 select per object = 3 selects
|
||||||
self.assertContains(response, "<select", count=4)
|
self.assertContains(response, "<select", count=4)
|
||||||
|
|
||||||
|
@ -4513,6 +4518,7 @@ class AdminInheritedInlinesTest(TestCase):
|
||||||
# test the add case
|
# test the add case
|
||||||
response = self.client.get(reverse("admin:admin_views_persona_add"))
|
response = self.client.get(reverse("admin:admin_views_persona_add"))
|
||||||
names = name_re.findall(response.content)
|
names = name_re.findall(response.content)
|
||||||
|
names.remove(b"csrfmiddlewaretoken")
|
||||||
# make sure we have no duplicate HTML names
|
# make sure we have no duplicate HTML names
|
||||||
self.assertEqual(len(names), len(set(names)))
|
self.assertEqual(len(names), len(set(names)))
|
||||||
|
|
||||||
|
@ -4549,6 +4555,7 @@ class AdminInheritedInlinesTest(TestCase):
|
||||||
reverse("admin:admin_views_persona_change", args=(persona_id,))
|
reverse("admin:admin_views_persona_change", args=(persona_id,))
|
||||||
)
|
)
|
||||||
names = name_re.findall(response.content)
|
names = name_re.findall(response.content)
|
||||||
|
names.remove(b"csrfmiddlewaretoken")
|
||||||
# make sure we have no duplicate HTML names
|
# make sure we have no duplicate HTML names
|
||||||
self.assertEqual(len(names), len(set(names)))
|
self.assertEqual(len(names), len(set(names)))
|
||||||
|
|
||||||
|
@ -5366,7 +5373,7 @@ class NeverCacheTests(TestCase):
|
||||||
|
|
||||||
def test_logout(self):
|
def test_logout(self):
|
||||||
"Check the never-cache status of logout view"
|
"Check the never-cache status of logout view"
|
||||||
response = self.client.get(reverse("admin:logout"))
|
response = self.client.post(reverse("admin:logout"))
|
||||||
self.assertEqual(get_max_age(response), 0)
|
self.assertEqual(get_max_age(response), 0)
|
||||||
|
|
||||||
def test_password_change(self):
|
def test_password_change(self):
|
||||||
|
@ -6221,7 +6228,8 @@ class ReadonlyTest(AdminFieldExtractionMixin, TestCase):
|
||||||
self.assertNotContains(response, 'name="posted"')
|
self.assertNotContains(response, 'name="posted"')
|
||||||
# 3 fields + 2 submit buttons + 5 inline management form fields, + 2
|
# 3 fields + 2 submit buttons + 5 inline management form fields, + 2
|
||||||
# hidden fields for inlines + 1 field for the inline + 2 empty form
|
# hidden fields for inlines + 1 field for the inline + 2 empty form
|
||||||
self.assertContains(response, "<input", count=16)
|
# + 1 logout form.
|
||||||
|
self.assertContains(response, "<input", count=17)
|
||||||
self.assertContains(response, formats.localize(datetime.date.today()))
|
self.assertContains(response, formats.localize(datetime.date.today()))
|
||||||
self.assertContains(response, "<label>Awesomeness level:</label>")
|
self.assertContains(response, "<label>Awesomeness level:</label>")
|
||||||
self.assertContains(response, "Very awesome.")
|
self.assertContains(response, "Very awesome.")
|
||||||
|
@ -7335,7 +7343,7 @@ class AdminViewLogoutTests(TestCase):
|
||||||
|
|
||||||
def test_logout(self):
|
def test_logout(self):
|
||||||
self.client.force_login(self.superuser)
|
self.client.force_login(self.superuser)
|
||||||
response = self.client.get(reverse("admin:logout"))
|
response = self.client.post(reverse("admin:logout"))
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
self.assertTemplateUsed(response, "registration/logged_out.html")
|
self.assertTemplateUsed(response, "registration/logged_out.html")
|
||||||
self.assertEqual(response.request["PATH_INFO"], reverse("admin:logout"))
|
self.assertEqual(response.request["PATH_INFO"], reverse("admin:logout"))
|
||||||
|
@ -7345,13 +7353,13 @@ class AdminViewLogoutTests(TestCase):
|
||||||
) # user-tools div shouldn't visible.
|
) # user-tools div shouldn't visible.
|
||||||
|
|
||||||
def test_client_logout_url_can_be_used_to_login(self):
|
def test_client_logout_url_can_be_used_to_login(self):
|
||||||
response = self.client.get(reverse("admin:logout"))
|
response = self.client.post(reverse("admin:logout"))
|
||||||
self.assertEqual(
|
self.assertEqual(
|
||||||
response.status_code, 302
|
response.status_code, 302
|
||||||
) # we should be redirected to the login page.
|
) # we should be redirected to the login page.
|
||||||
|
|
||||||
# follow the redirect and test results.
|
# follow the redirect and test results.
|
||||||
response = self.client.get(reverse("admin:logout"), follow=True)
|
response = self.client.post(reverse("admin:logout"), follow=True)
|
||||||
self.assertContains(
|
self.assertContains(
|
||||||
response,
|
response,
|
||||||
'<input type="hidden" name="next" value="%s">' % reverse("admin:index"),
|
'<input type="hidden" name="next" value="%s">' % reverse("admin:index"),
|
||||||
|
|
|
@ -71,7 +71,7 @@ class AuthViewsTestCase(TestCase):
|
||||||
return response
|
return response
|
||||||
|
|
||||||
def logout(self):
|
def logout(self):
|
||||||
response = self.client.get("/admin/logout/")
|
response = self.client.post("/admin/logout/")
|
||||||
self.assertEqual(response.status_code, 200)
|
self.assertEqual(response.status_code, 200)
|
||||||
self.assertNotIn(SESSION_KEY, self.client.session)
|
self.assertNotIn(SESSION_KEY, self.client.session)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue