| author | Benedict Etzel <developer@beheh.de> | 2025-11-10 13:29:34 +0100 |
|---|---|---|
| committer | nessita <124304+nessita@users.noreply.github.com> | 2025-11-12 19:42:24 -0300 |
| commit | 5401b125abca53200eacb62c8a10e602359b76d4 (patch) | |
| tree | 72bb904a1fb153fd27411fed0a14f41468d915e3 /django/contrib | |
| parent | 66b5a6de78ac3bcdf586844eac61663fece10ab5 (diff) | |
Fixed #36717 -- Redirect authenticated users on admin login view to next URL.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Diffstat (limited to 'django/contrib')
| -rw-r--r-- | django/contrib/admin/sites.py | 18 | ||||
| -rw-r--r-- | django/contrib/auth/views.py | 24 |
2 files changed, 24 insertions, 18 deletions
diff --git a/django/contrib/admin/sites.py b/django/contrib/admin/sites.py
index 17af19fd1b..410bf20da0 100644
--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@@ -416,29 +416,27 @@ class AdminSite:
 """
 Display the login form for the given HttpRequest.
 """
- if request.method == "GET" and self.has_permission(request):
- # Already logged-in, redirect to admin index
- index_path = reverse("admin:index", current_app=self.name)
- return HttpResponseRedirect(index_path)
-
 # Since this module gets imported in the application's root package,
 # it cannot import models from other applications at the module level,
 # and django.contrib.admin.forms eventually imports User.
 from django.contrib.admin.forms import AdminAuthenticationForm
 from django.contrib.auth.views import LoginView
 
+ redirect_url = LoginView().get_redirect_url(request) or reverse(
+ "admin:index", current_app=self.name
+ )
+ if request.method == "GET" and self.has_permission(request):
+ # Already logged-in, redirect accordingly.
+ return HttpResponseRedirect(redirect_url)
+
 context = {
 **self.each_context(request),
 "title": _("Log in"),
 "subtitle": None,
 "app_path": request.get_full_path(),
 "username": request.user.get_username(),
+ REDIRECT_FIELD_NAME: redirect_url,
 }
- if (
- REDIRECT_FIELD_NAME not in request.GET
- and REDIRECT_FIELD_NAME not in request.POST
- ):
- context[REDIRECT_FIELD_NAME] = reverse("admin:index", current_app=self.name)
 context.update(extra_context or {})
 
 defaults = {
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index 295f2219cf..dcffb4aca6 100644
--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
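Review bot: The authenticated-GET branch of `login()` now redirects to a request-supplied `next` value, which gives the admin login view the same behaviour as `LoginView.redirect_authenticated_user`, and the caveat Django documents for that option applies here too: a same-host redirect that succeeds only for logged-in staff lets another origin infer whether the visitor holds an admin session. The target is still checked by `get_redirect_url()`, so this is not an open redirect, and the default `SameSite=Lax` session cookie presumably limits cross-site subresource probing, but the change in exposure is not recorded anywhere in the hunk. I would add a comment above the branch, for example `# As with redirect_authenticated_user, honouring "next" here reveals login state via same-host redirects; see the LoginView docs.` `login()` starts and ends outside this hunk.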
@@ -40,20 +40,28 @@ class RedirectURLMixin:
 def get_success_url(self):
 return self.get_redirect_url() or self.get_default_redirect_url()
 
- def get_redirect_url(self):
- """Return the user-originating redirect URL if it's safe."""
- redirect_to = self.request.POST.get(
- self.redirect_field_name, self.request.GET.get(self.redirect_field_name)
+ def get_redirect_url(self, request=None):
+ """Return the user-originating redirect URL if it's safe.
+
+ Optionally takes a request argument, allowing use outside class-based
+ views.
+ """
+ if request is None:
+ request = self.request
+ redirect_to = request.POST.get(
+ self.redirect_field_name, request.GET.get(self.redirect_field_name)
 )
 url_is_safe = url_has_allowed_host_and_scheme(
 url=redirect_to,
- allowed_hosts=self.get_success_url_allowed_hosts(),
- require_https=self.request.is_secure(),
+ allowed_hosts=self.get_success_url_allowed_hosts(request),
+ require_https=request.is_secure(),
 )
 return redirect_to if url_is_safe else ""
 
- def get_success_url_allowed_hosts(self):
- return {self.request.get_host(), *self.success_url_allowed_hosts}
+ def get_success_url_allowed_hosts(self, request=None):
+ if request is None:
+ request = self.request
+ return {request.get_host(), *self.success_url_allowed_hosts}
 
 def get_default_redirect_url(self):
 """Return the default redirect URL.""" |
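Review bot: `get_redirect_url()` now always calls `self.get_success_url_allowed_hosts(request)` with a positional argument, so a subclass that overrides `get_success_url_allowed_hosts(self)` with the old signature would raise `TypeError` on every login, including when `get_redirect_url()` is called without a request. That fails closed rather than skipping the host check, but it breaks existing overrides of the hook that feeds `url_has_allowed_host_and_scheme`. Passing the argument only when the caller supplied one keeps old overrides working: remember `explicit = request is not None` before the fallback and use `allowed_hosts=self.get_success_url_allowed_hosts(request) if explicit else self.get_success_url_allowed_hosts(),`. `get_success_url_allowed_hosts()` also has no docstring; one line stating that the returned set is the allow-list for redirect hosts and that `request` defaults to `self.request` would help.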
