[Django] #29212: Redirect loop with @permission_required and redirect_authenticated_user
Django
-----------------------------------------+------------------------
Reporter: Nick Pope | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 2.0
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+------------------------
The `redirect_authenticated_user` option was added by ticket #12233.
When combined with `@permission_required` and the user does not have the
specified permission(s), a redirect loop can occur.
We should document (and add tests) for this behaviour and recommend the
following pattern to avoid the issue:
{{{#!python
@login_required
@permission_required('permission', raise_exception=True)
def view(request):
# ...
}}}
Documentation to be updated:
-
https://docs.djangoproject.com/en/2.0/topics/auth/default/#django.contrib.auth.views.LoginView
- https://docs.djangoproject.com/en/2.0/topics/auth/default/#the-
permission-required-decorator
--
Ticket URL: <https://code.djangoproject.com/ticket/29212>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: Nick Pope | Owner: Nick Pope
Type: Bug | Status: assigned
Component: Documentation | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Nick Pope):
* status: new => assigned
* component: Uncategorized => Documentation
* version: 2.0 => master
* owner: nobody => Nick Pope
* has_patch: 0 => 1
* type: Uncategorized => Bug
Comment:
[https://github.com/django/django/pull/9774 PR]
--
Ticket URL: <https://code.djangoproject.com/ticket/29212#comment:1>
Django
Reporter: Nick Pope | Owner: Nick Pope
Type: Bug | Status: assigned
Component: Documentation | Version: master
Severity: Normal | Resolution:
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Tim Graham):
* stage: Unreviewed => Accepted
--
Ticket URL: <https://code.djangoproject.com/ticket/29212#comment:2>
Django
Reporter: Nick Pope | Owner: Nick Pope
Type: Bug | Status: assigned
Component: Documentation | Version: master
Severity: Normal | Resolution:
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Carlton Gibson):
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/29212#comment:3>
Django
Reporter: Nick Pope | Owner: Nick Pope
Component: Documentation | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Tim Graham <timograham@…>):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"df90e462d91d3a77aa89b69d791bf17c2bf7ff9b" df90e46]:
{{{
#!CommitTicketReference repository=""
revision="df90e462d91d3a77aa89b69d791bf17c2bf7ff9b"
Fixed #29212 -- Doc'd redirect loop if @permission_required used with
redirect_authenticated_user.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/29212#comment:4>
Django
Reporter: Nick Pope | Owner: Nick Pope
Type: Bug | Status: closed
Component: Documentation | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Tim Graham <timograham@…>):
In [changeset:"61fc315230d001faeebf5359308563023ada4948" 61fc315]:
{{{
#!CommitTicketReference repository=""
revision="61fc315230d001faeebf5359308563023ada4948"
[2.0.x] Fixed #29212 -- Doc'd redirect loop if @permission_required used
with redirect_authenticated_user.
Backport of df90e462d91d3a77aa89b69d791bf17c2bf7ff9b from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/29212#comment:5>