#25030: The /admin/login/ should observe external authentication even when it appears in POST ------------------------------+------------------------------------ Reporter: adelton | Owner: nobody Type: New feature | Status: new Component: contrib.auth | Version: master Severity: Normal | Resolution: Keywords: | Triage Stage: Accepted Has patch: 1 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 1 Easy pickings: 0 | UI/UX: 0 ------------------------------+------------------------------------ Changes (by claudep):
* component: contrib.admin => contrib.auth * needs_better_patch: 0 => 1 * type: Uncategorized => New feature * stage: Unreviewed => Accepted Comment: Regarding the current test failure for the patch, you are right about ticket #19327 not being an issue any more with the new design. However, your patch is still slightly changing the "overriden-login" behavior. Currently if I have two windows/tabs with a login form and I try to login with two different users, the second POST will log the second user which becomes then the current session user. With your patch, the second POST will redirect to admin index while the first user is still the current session user (already logged-in behavior). I understand that this is an edge use case, as normally users logout before logging in as a different user. Your current proposal is only addressing the admin login use case, isn't it? I'd be in favor of solving it directly in contrib.auth so every login would benefit from it. We might find a way to short-circuit the contrib.auth login view when request.user is already authenticated and user.backend point to RemoteUserBackend or a subclass. Thoughts? -- Ticket URL: <https://code.djangoproject.com/ticket/25030#comment:2> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/065.fa37be1a3c28ec9a8ca03873d6a26793%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.