summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoseph Kocherhans <joseph@jkocherhans.com>2006-05-10 04:30:38 +0000
committerJoseph Kocherhans <joseph@jkocherhans.com>2006-05-10 04:30:38 +0000
commit89c6a07a5ff548fa90879e46cdb11c02e2cc0e20 (patch)
tree5359de99d664127485232039d647ffc85668bb37
parentc9136c0bffbf85802925ca891b0f0db8f5a4a5a6 (diff)
multi-auth: Updated admin system to use new auth api.
git-svn-id: http://code.djangoproject.com/svn/django/branches/multi-auth@2888 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--django/contrib/admin/views/decorators.py16
1 files changed, 9 insertions, 7 deletions
diff --git a/django/contrib/admin/views/decorators.py b/django/contrib/admin/views/decorators.py
index d984077dfb..250c585220 100644
--- a/django/contrib/admin/views/decorators.py
+++ b/django/contrib/admin/views/decorators.py
@@ -1,6 +1,7 @@
from django import http, template
from django.conf import settings
-from django.contrib.auth.models import User, SESSION_KEY
+from django.contrib.auth.models import User
+from django.contrib.auth import authenticate, login
from django.shortcuts import render_to_response
from django.utils.translation import gettext_lazy
import base64, datetime, md5
@@ -69,10 +70,10 @@ def staff_member_required(view_func):
return _display_login_form(request, message)
# Check the password.
- username = request.POST.get('username', '')
- try:
- user = User.objects.get(username=username, is_staff=True)
- except User.DoesNotExist:
+ username = request.POST.get('username', None)
+ password = request.POST.get('password', None)
+ user = authenticate(username=username, password=password)
+ if user is None:
message = ERROR_MESSAGE
if '@' in username:
# Mistakenly entered e-mail address instead of username? Look it up.
@@ -86,8 +87,9 @@ def staff_member_required(view_func):
# The user data is correct; log in the user in and continue.
else:
- if user.check_password(request.POST.get('password', '')):
- request.session[SESSION_KEY] = user.id
+ if user.is_staff:
+ login(request, user)
+ # TODO: set last_login with an event.
user.last_login = datetime.datetime.now()
user.save()
if request.POST.has_key('post_data'):