Re: [Django] #35288: login_required / user_passes_test redirects back to POST-only view

Mon, 11 Mar 2024 06:17:25 -0700 

#35288: login_required / user_passes_test redirects back to POST-only view
----------------------------------+--------------------------------------
     Reporter:  Patrick Rauscher  |                    Owner:  nobody
         Type:  New feature       |                   Status:  closed
    Component:  contrib.auth      |                  Version:  5.0
     Severity:  Normal            |               Resolution:  wontfix
     Keywords:                    |             Triage Stage:  Unreviewed
    Has patch:  0                 |      Needs documentation:  0
  Needs tests:  0                 |  Patch needs improvement:  0
Easy pickings:  0                 |                    UI/UX:  0
----------------------------------+--------------------------------------
Changes (by Natalia Bidart):

 * resolution:   => wontfix
 * status:  new => closed
 * type:  Bug => New feature

Comment:

 Hello Patrick, thanks for your report and for helping making Django
 better.

 I do understand your issue though it seems a bit of a niche problem to me.
 I believe you could fix this by providing a custom view for the
 `login_url` param of the `user_passes_test` method that would redirect the
 user to whatever view is more appropriate than the POST-only view,
 particularly a view that could handle GET requests and provide a way of
 refreshing the session and taking the user to a suitable page to redo the
 POST. Also, your POST-only view could be tweaked so GET requests are
 allowed only when coming from a login operation, and the view itself could
 raise 405 for every other situation.

 In summary, I don't think this is a bug in Django, and I don't think the
 outlined issue applies to the broader ecosystem. Django is a framework
 designed to offer robust and accurate solutions for common scenarios, so
 I'll close the ticket accordingly, but if you disagree, you can consider
 starting a new conversation on the
 [https://forum.djangoproject.com/c/internals/5 Django Forum], where you'll
 reach a wider audience and likely get extra feedback. More information in
 [https://docs.djangoproject.com/en/stable/internals/contributing/bugs-and-
 features/#requesting-features the documented guidelines for requesting
 features].
-- 
Ticket URL: <https://code.djangoproject.com/ticket/35288#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/0107018e2da910d1-868609a2-ab67-4494-8f5e-950d8562c4a1-000000%40eu-central-1.amazonses.com.

Reply via email to