[Django] #28229: The "next" variable is set in the login page, even when accessed directly
Django
-------------------------------------------+------------------------
Reporter: Shrikant Sharat | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: 1.11
Severity: Normal | Keywords: auth
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 1
UI/UX: 0 |
-------------------------------------------+------------------------
In the default authentication system, when a user tries to access a
protected page without logging in, he/she gets redirected to the login
page. When this happens, the `next` template variable is set to the URL of
the protected page. This is working fine.
However, when the user directly opens up the login page, for example by
entering the URL in the address bar, the `next` template variable should
not be set. But it is set to `settings.LOGIN_REDIRECT_URL` (or it's
default value), which is unexpected.
Because of this, if we are using the template for `login.html` as given in
the
[https://docs.djangoproject.com/en/1.11/topics/auth/default/#django.contrib.auth.views.LoginView
documentation], we see the `Please login to see this page.` message even
when the user opens the login page directly.
I tried to debug to find where the problem is, and found it in
`django.contrib.auth.views.LoginView` class. This class has a method
`get_success_url` which gets the redirect url either from the `next`
parameter or from the `LOGIN_REDIRECT_URL`. This method is being also used
to populate the context for the login form in the method
`get_context_data`, which, in my opinion is incorrect. The dispatch method
also uses the `get_success_url` to get the redirect url, which is correct
because the purpose there is to actually redirect.
--
Ticket URL: <https://code.djangoproject.com/ticket/28229>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: Shrikant Sharat | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: 1.11
Keywords: auth | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Marten Kenbeek):
* stage: Unreviewed => Accepted
Comment:
This behaviour changed in 78963495d0caadb77eb97ccf319ef0ba3b204fb5. It
used to be the empty string if no `next` parameter was passed through GET
or POST, and it was only resolved to `LOGIN_REDIRECT_URL` when the user
had to be redirected, after the login.
--
Ticket URL: <https://code.djangoproject.com/ticket/28229#comment:1>
Django
Reporter: Shrikant Sharat | Owner: Scott Vitale
Type: Bug | Status: assigned
Component: contrib.auth | Version: 1.11
Severity: Normal | Resolution:
Keywords: auth | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Scott Vitale):
* status: new => assigned
* owner: nobody => Scott Vitale
--
Ticket URL: <https://code.djangoproject.com/ticket/28229#comment:2>
Django
Reporter: Shrikant Sharat | Owner: Mikhail
| Golubev
Type: Bug | Status: assigned
Component: contrib.auth | Version: 1.11
Severity: Normal | Resolution:
Keywords: auth | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Mikhail Golubev):
* owner: Scott Vitale => Mikhail Golubev
--
Ticket URL: <https://code.djangoproject.com/ticket/28229#comment:3>
Django
Reporter: Shrikant Sharat | Owner: Mikhail
| Golubev
Type: Bug | Status: assigned
Severity: Normal | Resolution:
Keywords: auth | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Tim Graham):
* has_patch: 0 => 1
Comment:
[https://github.com/django/django/pull/8536 PR]
--
Ticket URL: <https://code.djangoproject.com/ticket/28229#comment:4>
Django
Reporter: Shrikant Sharat | Owner: Mikhail
| Golubev
Component: contrib.auth | Version: 1.11
Severity: Normal | Resolution: fixed
Keywords: auth | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Tim Graham <timograham@…>):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"e7dc39fb65e51d7613c941f7e5768b621dea4e76" e7dc39fb]:
{{{
#!CommitTicketReference repository=""
revision="e7dc39fb65e51d7613c941f7e5768b621dea4e76"
Fixed #28229 -- Fixed the value of LoginView's "next" template variable.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28229#comment:5>
Django
Reporter: Shrikant Sharat | Owner: Mikhail
| Golubev
Type: Bug | Status: closed
Severity: Normal | Resolution: fixed
Keywords: auth | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Comment (by Tim Graham <timograham@…>):
In [changeset:"16431b03f801788d791bbb24d6fb266c3591ab07" 16431b0]:
{{{
#!CommitTicketReference repository=""
revision="16431b03f801788d791bbb24d6fb266c3591ab07"
[1.11.x] Fixed #28229 -- Fixed the value of LoginView's "next" template
variable.
Backport of e7dc39fb65e51d7613c941f7e5768b621dea4e76 from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/28229#comment:6>