Fix #20447: URL names given to contrib.auth.views are now resolved.

This commit also adds tests for the redirect feature of most auth views. It also cleans up the tests, most notably using @override_settings instead of ad-hoc setUp/tearDown methods. Thanks to caumons for the report. Conflicts: docs/releases/1.6.txt

Fix #20447: URL names given to contrib.auth.views are now resolved.
This commit also adds tests for the redirect feature of most auth views. It also cleans up the tests, most notably using @override_settings instead of ad-hoc setUp/tearDown methods. Thanks to caumons for the report. Conflicts: docs/releases/1.6.txt
980ae2ab · Baptiste Mispelon · Marc Tamlyn · 9b22badd · 980ae2ab · 980ae2ab
Kaydet (Commit) 980ae2ab authored May 19, 2013 tarafından Baptiste Mispelon Kaydeden (comit) Marc Tamlyn May 19, 2013
Showing with 26 additions and 0 deletions

test_views.py django/contrib/auth/tests/test_views.py +0 -0

urls.py django/contrib/auth/tests/urls.py +11 -0

views.py django/contrib/auth/views.py +9 -0

1.6.txt docs/releases/1.6.txt +6 -0

No files found.
--- a/django/contrib/auth/tests/test_views.py
+++ b/django/contrib/auth/tests/test_views.py
--- a/django/contrib/auth/tests/urls.py
+++ b/django/contrib/auth/tests/urls.py
@@ -62,8 +62,19 @@ def custom_request_auth_login(request):
 urlpatterns = urlpatterns + patterns('',
    (r'^logout/custom_query/$', 'django.contrib.auth.views.logout', dict(redirect_field_name='follow')),
    (r'^logout/next_page/$', 'django.contrib.auth.views.logout', dict(next_page='/somewhere/')),
+    (r'^logout/next_page/named/$', 'django.contrib.auth.views.logout', dict(next_page='password_reset')),
    (r'^remote_user/$', remote_user_auth_view),
    (r'^password_reset_from_email/$', 'django.contrib.auth.views.password_reset', dict(from_email='staffmember@example.com')),
+    (r'^password_reset/custom_redirect/$', 'django.contrib.auth.views.password_reset', dict(post_reset_redirect='/custom/')),
+    (r'^password_reset/custom_redirect/named/$', 'django.contrib.auth.views.password_reset', dict(post_reset_redirect='password_reset')),
+    (r'^reset/custom/(?P<uidb36>[0-9A-Za-z]{1,13})-(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$',
+        'django.contrib.auth.views.password_reset_confirm',
+        dict(post_reset_redirect='/custom/')),
+    (r'^reset/custom/named/(?P<uidb36>[0-9A-Za-z]{1,13})-(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$',
+        'django.contrib.auth.views.password_reset_confirm',
+        dict(post_reset_redirect='password_reset')),
+    (r'^password_change/custom/$', 'django.contrib.auth.views.password_change', dict(post_change_redirect='/custom/')),
+    (r'^password_change/custom/named/$', 'django.contrib.auth.views.password_change', dict(post_change_redirect='password_reset')),
    (r'^admin_password_reset/$', 'django.contrib.auth.views.password_reset', dict(is_admin_site=True)),
    (r'^login_required/$', login_required(password_reset)),
    (r'^login_required_login_url/$', login_required(password_reset, login_url='/somewhere/')),

--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -72,6 +72,9 @@ def logout(request, next_page=None,
    """
    auth_logout(request)

+    if next_page is not None:
+        next_page = resolve_url(next_page)
+
    if redirect_field_name in request.REQUEST:
        next_page = request.REQUEST[redirect_field_name]
        # Security check -- don't allow redirection to a different host.
@@ -140,6 +143,8 @@ def password_reset(request, is_admin_site=False,
                   extra_context=None):
    if post_reset_redirect is None:
        post_reset_redirect = reverse('django.contrib.auth.views.password_reset_done')
+    else:
+        post_reset_redirect = resolve_url(post_reset_redirect)
    if request.method == "POST":
        form = password_reset_form(request.POST)
        if form.is_valid():
@@ -193,6 +198,8 @@ def password_reset_confirm(request, uidb36=None, token=None,
    assert uidb36 is not None and token is not None  # checked by URLconf
    if post_reset_redirect is None:
        post_reset_redirect = reverse('django.contrib.auth.views.password_reset_complete')
+    else:
+        post_reset_redirect = resolve_url(post_reset_redirect)
    try:
        uid_int = base36_to_int(uidb36)
        user = UserModel._default_manager.get(pk=uid_int)
@@ -243,6 +250,8 @@ def password_change(request,
                    current_app=None, extra_context=None):
    if post_change_redirect is None:
        post_change_redirect = reverse('django.contrib.auth.views.password_change_done')
+    else:
+        post_change_redirect = resolve_url(post_change_redirect)
    if request.method == "POST":
        form = password_change_form(user=request.user, data=request.POST)
        if form.is_valid():

--- a/docs/releases/1.6.txt
+++ b/docs/releases/1.6.txt
@@ -243,6 +243,12 @@ Minor features

 * The reason phrase can be customized in HTTP responses.

+* When giving the URL of the next page for :func:`~django.contrib.auth.views.logout`,
+  :func:`~django.contrib.auth.views.password_reset`,
+  :func:`~django.contrib.auth.views.password_reset_confirm`,
+  and :func:`~django.contrib.auth.views.password_change`, you can now pass
+  URL names and they will be resolved.
+
 Backwards incompatible changes in 1.6
 =====================================