Fixed #19327 -- Added handling of double login attempts in admin.

Thanks to Krzysztof Jurewicz for initial patch and adupin for tests.
author: Deric Crago <deric.crago@gmail.com> 2013-03-18 16:58:33 -0700
committer: Preston Holmes <preston@ptone.com> 2013-03-18 17:11:07 -0700
commit: 9d6ecc6bc668b5a243905486fa724d53508ad2b5 (patch)
tree: cc9c1991c5594b305b7b2eb584d00c635d5edf24 /tests/admin_views/tests.py
parent: 5180e40bee92edc4ef00d593a4609ff3a5295c90 (diff)
1 files changed, 28 insertions, 2 deletions
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py
index 5c9699792b..203d7d624b 100644
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@@ -6,7 +6,7 @@ import re
 import datetime
 try:
     from urllib.parse import urljoin
-except ImportError:     # Python 2
+except ImportError:  # Python 2
     from urlparse import urljoin
 
 from django.conf import settings, global_settings
@@ -981,6 +981,32 @@ class AdminViewPermissionsTest(TestCase):
         login = self.client.post('/test_admin/admin/', dict(self.super_login, **new_next), QUERY_STRING=query_string)
         self.assertRedirects(login, redirect_url)
 
+    def testDoubleLoginIsNotAllowed(self):
+        """Regression test for #19327"""
+        response = self.client.get('/test_admin/admin/')
+        self.assertEqual(response.status_code, 200)
+
+        # Establish a valid admin session
+        login = self.client.post('/test_admin/admin/', self.super_login)
+        self.assertRedirects(login, '/test_admin/admin/')
+        self.assertFalse(login.context)
+
+        # Logging in with non-admin user fails
+        login = self.client.post('/test_admin/admin/', self.joepublic_login)
+        self.assertEqual(login.status_code, 200)
+        self.assertContains(login, ERROR_MESSAGE)
+
+        # Establish a valid admin session
+        login = self.client.post('/test_admin/admin/', self.super_login)
+        self.assertRedirects(login, '/test_admin/admin/')
+        self.assertFalse(login.context)
+
+        # Logging in with admin user while already logged in
+        login = self.client.post('/test_admin/admin/', self.super_login)
+        self.assertRedirects(login, '/test_admin/admin/')
+        self.assertFalse(login.context)
+        self.client.get('/test_admin/admin/logout/')
+
     def testAddView(self):
         """Test add view restricts access and actually adds items."""
 
@@ -2547,7 +2573,7 @@ class AdminCustomQuerysetTest(TestCase):
                 self.assertNotContains(response, 'Primary key = %s' % i)
 
     def test_changelist_view_count_queries(self):
-        #create 2 Person objects
+        # create 2 Person objects
         Person.objects.create(name='person1', gender=1)
         Person.objects.create(name='person2', gender=2)
author	Deric Crago <deric.crago@gmail.com>	2013-03-18 16:58:33 -0700
committer	Preston Holmes <preston@ptone.com>	2013-03-18 17:11:07 -0700
commit	9d6ecc6bc668b5a243905486fa724d53508ad2b5 (patch)
tree	cc9c1991c5594b305b7b2eb584d00c635d5edf24 /tests/admin_views/tests.py
parent	5180e40bee92edc4ef00d593a4609ff3a5295c90 (diff)