diff options
| author | Adrian Holovaty <adrian@holovaty.com> | 2005-08-16 22:54:05 +0000 |
|---|---|---|
| committer | Adrian Holovaty <adrian@holovaty.com> | 2005-08-16 22:54:05 +0000 |
| commit | 07889c13a63eeb3e8a73f1e02a21227def3ae548 (patch) | |
| tree | 04a76ba333ae0308450710f4d8e7e251948437ad /django/middleware/admin.py | |
| parent | f21ff30b104ef1eedcfebd230a98fef4b6cc7ebd (diff) | |
Fixed #1 -- Added anonymous session support via middleware and request.session. Removed the former request.session, which wasn't being used anyway. Removed auth.Session model. See the BackwardsIncompatibleChanges wiki page for IMPORTANT notes on code you'll have to change and a DB table you'll have to create.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@518 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'django/middleware/admin.py')
| -rw-r--r-- | django/middleware/admin.py | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/django/middleware/admin.py b/django/middleware/admin.py index a977bacdbf..42d83b5be7 100644 --- a/django/middleware/admin.py +++ b/django/middleware/admin.py @@ -1,7 +1,7 @@ from django.utils import httpwrappers from django.core import template_loader from django.core.extensions import DjangoContext as Context -from django.models.auth import sessions, users +from django.models.auth import users from django.views.registration import passwords from django.views.auth.login import logout import base64, md5 @@ -29,14 +29,17 @@ class AdminUserRequired: # Otherwise the password reset would need its own entry in the httpd # conf, which is a little uglier than this. Same goes for the logout # view. + if view_func in (passwords.password_reset, passwords.password_reset_done, logout): return + assert hasattr(request, 'session'), "The admin requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES setting to insert 'django.middleware.sessions.SessionMiddleware' before %r." % self.__class__.__name__ + # Check for a logged in, valid user if self.user_is_valid(request.user): return - # If this isn't alreay the login page, display it + # If this isn't already the login page, display it if not request.POST.has_key('this_is_the_login_form'): if request.POST: message = "Please log in again, because your session has expired. "\ @@ -64,18 +67,16 @@ class AdminUserRequired: # The user data is correct; log in the user in and continue else: if self.authenticate_user(user, request.POST.get('password', '')): + request.session[users.SESSION_KEY] = user.id if request.POST.has_key('post_data'): post_data = decode_post_data(request.POST['post_data']) if post_data and not post_data.has_key('this_is_the_login_form'): # overwrite request.POST with the saved post_data, and continue request.POST = post_data request.user = user - request.session = sessions.create_session(user.id) return else: - response = httpwrappers.HttpResponseRedirect(request.path) - sessions.start_web_session(user.id, request, response) - return response + return httpwrappers.HttpResponseRedirect(request.path) else: return self.display_login_form(request, ERROR_MESSAGE) |