#25030: The /admin/login/ should observe external authentication even when it
appears in POST
------------------------------+------------------------------------
     Reporter:  adelton       |                    Owner:  nobody
         Type:  New feature   |                   Status:  new
    Component:  contrib.auth  |                  Version:  master
     Severity:  Normal        |               Resolution:
     Keywords:                |             Triage Stage:  Accepted
    Has patch:  1             |      Needs documentation:  0
  Needs tests:  0             |  Patch needs improvement:  1
Easy pickings:  0             |                    UI/UX:  0
------------------------------+------------------------------------
Changes (by claudep):

 * component:  contrib.admin => contrib.auth
 * needs_better_patch:  0 => 1
 * type:  Uncategorized => New feature
 * stage:  Unreviewed => Accepted


Comment:

 Regarding the current test failure for the patch, you are right about
 ticket #19327 not being an issue any more with the new design.

 However, your patch is still slightly changing the "overridden-login"
 behavior. Currently if I have two windows/tabs with a login form and I try
 to log in with two different users, the second POST will log in the second
 user, who then becomes the current session user. With your patch, the
 second POST will redirect to the admin index while the first user is still
 the current session user (already logged-in behavior). I understand that
 this is an edge use case, as normally users log out before logging in as a
 different user.

 Your current proposal is only addressing the admin login use case, isn't
 it? I'd be in favor of solving it directly in contrib.auth so every login
 would benefit from it. We might find a way to short-circuit the
 contrib.auth login view when request.user is already authenticated and
 user.backend points to RemoteUserBackend or a subclass. Thoughts?

--
Ticket URL: <https://code.djangoproject.com/ticket/25030#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
