From 5401b125abca53200eacb62c8a10e602359b76d4 Mon Sep 17 00:00:00 2001
From: Benedict Etzel
Date: Mon, 10 Nov 2025 13:29:34 +0100
Subject: Fixed #36717 -- Redirect authenticated users on admin login view to next URL.

Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
---
 tests/admin_views/tests.py | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
(limited to 'tests/admin_views/tests.py')
diff --git a/tests/admin_views/tests.py b/tests/admin_views/tests.py
index 868b616d76..f7eaad659e 100644
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@@ -2413,6 +2413,32 @@ class AdminViewPermissionsTest(TestCase):
 self.assertEqual(response.status_code, 200)
 self.assertEqual(response.context[REDIRECT_FIELD_NAME], reverse("admin:index"))
+ def test_login_redirect_when_logged_in(self):
+ self.client.force_login(self.superuser)
+ response = self.client.get(reverse("admin:login"))
+ self.assertRedirects(response, reverse("admin:index"))
+ def test_login_redirect_to_next_url_when_logged_in(self):
+ self.client.force_login(self.superuser)
+ next_url = reverse("admin:admin_views_article_add")
+ response = self.client.get(
+ reverse("admin:login"),
+ query_params={REDIRECT_FIELD_NAME: next_url},
+ )
+ self.assertRedirects(response, next_url)
+ def test_login_redirect_unsafe_next_url_when_logged_in(self):
+ self.client.force_login(self.superuser)
+ response = self.client.get(
+ reverse("admin:login"),
+ query_params={
+ REDIRECT_FIELD_NAME: "https://example.com/bad",
+ },
+ )
+ self.assertRedirects(
+ response, reverse("admin:index"), fetch_redirect_response=False
+ )
+
 def test_login_has_permission(self):
 # Regular User should not be able to login.
 response = self.client.get(reverse("has_permission_admin:index"))
--
cgit v1.3
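Review bot: test_login_redirect_unsafe_next_url_when_logged_in pins only one unsafe shape, an absolute https URL on a foreign host, so a regression in how the login view validates the next parameter for other off-site forms would still pass this suite. The view change itself is outside this page (the diff is limited to the tests file), so which check it applies cannot be confirmed here; the test should therefore state the contract on its own. I would loop over several rejected values with subTest, including at least a scheme-relative one, and add a one-line comment that an unsafe next value must fall back to the admin index rather than be followed. fetch_redirect_response=False can stay, but it is worth a short comment, since the sibling test for the same target fetches the response.

```python
    def test_login_redirect_unsafe_next_url_when_logged_in(self):
        # An off-site next value must never be followed; the view falls back
        # to the admin index instead.
        self.client.force_login(self.superuser)
        unsafe_urls = [
            "https://example.com/bad",
            "//example.com/bad",
        ]
        for next_url in unsafe_urls:
            with self.subTest(next_url=next_url):
                response = self.client.get(
                    reverse("admin:login"),
                    query_params={REDIRECT_FIELD_NAME: next_url},
                )
                self.assertRedirects(
                    response, reverse("admin:index"), fetch_redirect_response=False
                )
```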