[Django] #25032: When /admin/login/ is accessed directly, there is 302 /admin/login/ after POST, and only then 302 /admin/


Django

Jun 26, 2015, 3:53:48 PM
to django-...@googlegroups.com
#25032: When /admin/login/ is accessed directly, there is 302 /admin/login/ after
POST, and only then 302 /admin/
-------------------------------+--------------------
Reporter: adelton | Owner: nobody
Type: Uncategorized | Status: new
Component: contrib.admin | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
While investigating the behaviour for
https://code.djangoproject.com/ticket/25030 in more detail, I've noticed
that when I access (unauthenticated, via GET) /admin/login/ directly, the
access_log shows

{{{
GET /admin/login/ HTTP/1.1" 200 1716
POST /admin/login/ HTTP/1.1" 302 -
GET /admin/login/ HTTP/1.1" 302 -
GET /admin/ HTTP/1.1" 200 2826
}}}

The result of the form submission (the POST) is a redirect to /admin/login/
again. It seems to be caused by

{{{
if (REDIRECT_FIELD_NAME not in request.GET and
        REDIRECT_FIELD_NAME not in request.POST):
    context[REDIRECT_FIELD_NAME] = request.get_full_path()
}}}

When REDIRECT_FIELD_NAME is missing, why is the redirect going to
/admin/login/ again? Wouldn't /admin/ be a better target?

Of course, the

{{{
if request.method == 'GET' and self.has_permission(request):
    # Already logged-in, redirect to admin index
    index_path = reverse('admin:index', current_app=self.name)
    return HttpResponseRedirect(index_path)
}}}

will eventually throw it back to /admin/.

This might seem like nitpicking, but figuring out the correct intended
behaviour seems essential when I'm attempting to make changes to it to
better support external authentication.

--
Ticket URL: <https://code.djangoproject.com/ticket/25032>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Jun 26, 2015, 3:58:51 PM
to django-...@googlegroups.com
#25032: When /admin/login/ is accessed directly, there is 302 /admin/login/ after
POST, and only then 302 /admin/
-------------------------------+--------------------------------------
Reporter: adelton | Owner: nobody
Type: Uncategorized | Status: new
Component: contrib.admin | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by adelton):

* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0


Comment:

Filed https://github.com/django/django/pull/4927 to use the same default
redirect target as the authenticated GET access.

--
Ticket URL: <https://code.djangoproject.com/ticket/25032#comment:1>
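
The redirect chain discussed above, as an added example: a simplified stand-alone model written for this page, not Django's code and not part of the thread. The names `handle`, `login_flow` and the `fixed` switch are hypothetical; the paths come from the access log in the report, and `fixed=True` models the default target described in comment 1.

```python
from urllib.parse import parse_qs, urlsplit

REDIRECT_FIELD_NAME = "next"  # value of django.contrib.auth.REDIRECT_FIELD_NAME
LOGIN_PATH = "/admin/login/"  # paths taken from the ticket's access log
INDEX_PATH = "/admin/"


def handle(method, full_path, form_next, authenticated, fixed):
    """Model one request; returns (status, location, next_rendered_in_form)."""
    parts = urlsplit(full_path)
    if parts.path != LOGIN_PATH:
        return 200, None, None              # any other admin page just renders
    if method == "GET" and authenticated:
        return 302, INDEX_PATH, None        # the "already logged-in" branch
    if method == "POST":
        return 302, form_next, None         # successful login follows 'next'
    # Unauthenticated GET: render the form and pick the hidden 'next' value.
    target = parse_qs(parts.query).get(REDIRECT_FIELD_NAME, [None])[0]
    if target is None:
        # Reported behaviour: default to the current URL (the login page).
        # Modelled fix: default to the admin index instead.
        target = INDEX_PATH if fixed else full_path
    return 200, None, target


def login_flow(start, fixed):
    """Replay the browser's requests; returns (method, path, status) rows."""
    log = []
    status, _, form_next = handle("GET", start, None, False, fixed)
    log.append(("GET", start, status))
    status, location, _ = handle("POST", start, form_next, False, fixed)
    log.append(("POST", start, status))
    while status == 302:                    # follow redirects, now logged in
        url = location
        status, location, _ = handle("GET", url, None, True, fixed)
        log.append(("GET", url, status))
    return log


if __name__ == "__main__":
    for fixed in (False, True):
        print("fixed" if fixed else "reported")
        for method, path, status in login_flow(LOGIN_PATH, fixed):
            print(f"  {method} {path} {status}")
```
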

Django

Jun 27, 2015, 9:04:32 AM
to django-...@googlegroups.com
#25032: When /admin/login/ is accessed directly, there is 302 /admin/login/ after
POST, and only then 302 /admin/
--------------------------------------+------------------------------------
Reporter: adelton | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: contrib.admin | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 1 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by timgraham):

* has_patch: 0 => 1
* type: Uncategorized => Cleanup/optimization
* needs_tests: 0 => 1
* stage: Unreviewed => Accepted


--
Ticket URL: <https://code.djangoproject.com/ticket/25032#comment:2>

Django

Jul 3, 2015, 4:22:40 AM
to django-...@googlegroups.com
#25032: When /admin/login/ is accessed directly, there is 302 /admin/login/ after
POST, and only then 302 /admin/
--------------------------------------+------------------------------------
Reporter: adelton | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: contrib.admin | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by adelton):

* needs_tests: 1 => 0


--
Ticket URL: <https://code.djangoproject.com/ticket/25032#comment:3>

Django

Jul 3, 2015, 8:53:34 AM
to django-...@googlegroups.com
#25032: When /admin/login/ is accessed directly, there is 302 /admin/login/ after
POST, and only then 302 /admin/
--------------------------------------+------------------------------------
Reporter: adelton | Owner: nobody
Type: Cleanup/optimization | Status: closed
Component: contrib.admin | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by Tim Graham <timograham@…>):

* status: new => closed
* resolution: => fixed


Comment:

In [changeset:"335368410210ce0e27e0068b3a2a6cdf4baa956b" 3353684]:
{{{
#!CommitTicketReference repository=""
revision="335368410210ce0e27e0068b3a2a6cdf4baa956b"
Fixed #25032 -- Removed double redirect in admin login.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/25032#comment:4>
