Fixed #15198 -- pass request to AuthenticationForm

Thanks to Ciantic for the report, claudep and slurms for initial work

django/contrib/auth/forms.py

@@ -160,10 +160,8 @@ class AuthenticationForm(forms.Form):
 
     def __init__(self, request=None, *args, **kwargs):
         """
-        If request is passed in, the form will validate that cookies are
+        The 'request' parameter is set for custom auth use by subclasses.
-        enabled. Note that the request (a HttpRequest object) must have set a
+        The form data comes in via the standard 'data' kwarg.
-        cookie with the key TEST_COOKIE_NAME and value TEST_COOKIE_VALUE before
-        running this validation.
         """
         self.request = request
         self.user_cache = None

django/contrib/auth/tests/urls.py

@@ -1,14 +1,20 @@
 from django.conf.urls import patterns, url
 from django.contrib.auth import context_processors
+from django.contrib.auth.forms import AuthenticationForm
 from django.contrib.auth.urls import urlpatterns
-from django.contrib.auth.views import password_reset
+from django.contrib.auth.views import password_reset, login
 from django.contrib.auth.decorators import login_required
 from django.contrib.messages.api import info
-from django.http import HttpResponse
+from django.http import HttpResponse, HttpRequest
 from django.shortcuts import render_to_response
 from django.template import Template, RequestContext
 from django.views.decorators.cache import never_cache
 
+class CustomRequestAuthenticationForm(AuthenticationForm):
+    def __init__(self, request, *args, **kwargs):
+        assert isinstance(request, HttpRequest)
+        super(CustomRequestAuthenticationForm, self).__init__(request, *args, **kwargs)
+
 @never_cache
 def remote_user_auth_view(request):
     "Dummy view for remote user tests"
@@ -49,6 +55,9 @@ def auth_processor_messages(request):
 def userpage(request):
     pass
 
+def custom_request_auth_login(request):
+    return login(request, authentication_form=CustomRequestAuthenticationForm)
+
 # special urls for auth test cases
 urlpatterns = urlpatterns + patterns('',
     (r'^logout/custom_query/$', 'django.contrib.auth.views.logout', dict(redirect_field_name='follow')),
@@ -65,6 +74,7 @@ urlpatterns = urlpatterns + patterns('',
     (r'^auth_processor_perms/$', auth_processor_perms),
     (r'^auth_processor_perm_in_perms/$', auth_processor_perm_in_perms),
     (r'^auth_processor_messages/$', auth_processor_messages),
+    (r'^custom_request_auth_login/$', custom_request_auth_login),
     url(r'^userpage/(.+)/$', userpage, name="userpage"),
 )
 

django/contrib/auth/tests/views.py

@@ -365,6 +365,14 @@ class LoginTest(AuthViewsTestCase):
             self.assertTrue(good_url in response.url,
                             "%s should be allowed" % good_url)
 
+    def test_login_form_contains_request(self):
+        # 15198
+        response = self.client.post('/custom_requestauth_login/', {
+            'username': 'testclient',
+            'password': 'password',
+        }, follow=True)
+        # the custom authentication form used by this login asserts
+        # that a request is passed to the form successfully.
 
 @skipIfCustomUser
 class LoginURLSettings(AuthViewsTestCase):

django/contrib/auth/views.py

@@ -35,7 +35,7 @@ def login(request, template_name='registration/login.html',
     redirect_to = request.REQUEST.get(redirect_field_name, '')
 
     if request.method == "POST":
-        form = authentication_form(data=request.POST)
+        form = authentication_form(request, data=request.POST)
         if form.is_valid():
 
             # Ensure the user-originating redirection url is safe.