[Django] #29212: Redirect loop with @permission_required and redirect_authenticated_user

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[Django] #29212: Redirect loop with @permission_required and redirect_authenticated_user

Django
#29212: Redirect loop with @permission_required and redirect_authenticated_user
-----------------------------------------+------------------------
               Reporter:  Nick Pope      |          Owner:  nobody
                   Type:  Uncategorized  |         Status:  new
              Component:  Uncategorized  |        Version:  2.0
               Severity:  Normal         |       Keywords:
           Triage Stage:  Unreviewed     |      Has patch:  0
    Needs documentation:  0              |    Needs tests:  0
Patch needs improvement:  0              |  Easy pickings:  0
                  UI/UX:  0              |
-----------------------------------------+------------------------
 The `redirect_authenticated_user` option was added by ticket #12233.
 When combined with `@permission_required` and the user does not have the
 specified permission(s), a redirect loop can occur.

 We should document (and add tests) for this behaviour and recommend the
 following pattern to avoid the issue:

 {{{#!python
 @login_required
 @permission_required('permission', raise_exception=True)
 def view(request):
     # ...
 }}}

 Documentation to be updated:

 -
 https://docs.djangoproject.com/en/2.0/topics/auth/default/#django.contrib.auth.views.LoginView
 - https://docs.djangoproject.com/en/2.0/topics/auth/default/#the-
 permission-required-decorator

--
Ticket URL: <https://code.djangoproject.com/ticket/29212>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/050.760b551e3be8c418306b76260d565bfb%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29212: Redirect loop with @permission_required and redirect_authenticated_user

Django
#29212: Redirect loop with @permission_required and redirect_authenticated_user
-------------------------------+--------------------------------------
     Reporter:  Nick Pope      |                    Owner:  Nick Pope
         Type:  Bug            |                   Status:  assigned
    Component:  Documentation  |                  Version:  master
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Unreviewed
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+--------------------------------------
Changes (by Nick Pope):

 * status:  new => assigned
 * component:  Uncategorized => Documentation
 * version:  2.0 => master
 * owner:  nobody => Nick Pope
 * has_patch:  0 => 1
 * type:  Uncategorized => Bug


Comment:

 [https://github.com/django/django/pull/9774 PR]

--
Ticket URL: <https://code.djangoproject.com/ticket/29212#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/065.019cf2192d57f03ef282cf54a2177d55%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29212: Redirect loop with @permission_required and redirect_authenticated_user

Django
In reply to this post by Django
#29212: Redirect loop with @permission_required and redirect_authenticated_user
-------------------------------+-------------------------------------
     Reporter:  Nick Pope      |                    Owner:  Nick Pope
         Type:  Bug            |                   Status:  assigned
    Component:  Documentation  |                  Version:  master
     Severity:  Normal         |               Resolution:
     Keywords:                 |             Triage Stage:  Accepted
    Has patch:  1              |      Needs documentation:  0
  Needs tests:  0              |  Patch needs improvement:  0
Easy pickings:  0              |                    UI/UX:  0
-------------------------------+-------------------------------------
Changes (by Tim Graham):

 * stage:  Unreviewed => Accepted


--
Ticket URL: <https://code.djangoproject.com/ticket/29212#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/065.be286b1d70ace031cb3603faa02f15bd%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29212: Redirect loop with @permission_required and redirect_authenticated_user

Django
In reply to this post by Django
#29212: Redirect loop with @permission_required and redirect_authenticated_user
-------------------------------------+-------------------------------------
     Reporter:  Nick Pope            |                    Owner:  Nick Pope
         Type:  Bug                  |                   Status:  assigned
    Component:  Documentation        |                  Version:  master
     Severity:  Normal               |               Resolution:
     Keywords:                       |             Triage Stage:  Ready for
                                     |  checkin
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Carlton Gibson):

 * stage:  Accepted => Ready for checkin


--
Ticket URL: <https://code.djangoproject.com/ticket/29212#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/065.b6ed70830fc4f6b89454f6d1caef9a0c%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29212: Redirect loop with @permission_required and redirect_authenticated_user

Django
In reply to this post by Django
#29212: Redirect loop with @permission_required and redirect_authenticated_user
-------------------------------------+-------------------------------------
     Reporter:  Nick Pope            |                    Owner:  Nick Pope
         Type:  Bug                  |                   Status:  closed
    Component:  Documentation        |                  Version:  master
     Severity:  Normal               |               Resolution:  fixed
     Keywords:                       |             Triage Stage:  Ready for
                                     |  checkin
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Changes (by Tim Graham <timograham@…>):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 In [changeset:"df90e462d91d3a77aa89b69d791bf17c2bf7ff9b" df90e46]:
 {{{
 #!CommitTicketReference repository=""
 revision="df90e462d91d3a77aa89b69d791bf17c2bf7ff9b"
 Fixed #29212 -- Doc'd redirect loop if @permission_required used with
 redirect_authenticated_user.
 }}}

--
Ticket URL: <https://code.djangoproject.com/ticket/29212#comment:4>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/065.2e24c25716ac2ea61fa7ea8cedfde177%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: [Django] #29212: Redirect loop with @permission_required and redirect_authenticated_user

Django
In reply to this post by Django
#29212: Redirect loop with @permission_required and redirect_authenticated_user
-------------------------------------+-------------------------------------
     Reporter:  Nick Pope            |                    Owner:  Nick Pope
         Type:  Bug                  |                   Status:  closed
    Component:  Documentation        |                  Version:  master
     Severity:  Normal               |               Resolution:  fixed
     Keywords:                       |             Triage Stage:  Ready for
                                     |  checkin
    Has patch:  1                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------

Comment (by Tim Graham <timograham@…>):

 In [changeset:"61fc315230d001faeebf5359308563023ada4948" 61fc315]:
 {{{
 #!CommitTicketReference repository=""
 revision="61fc315230d001faeebf5359308563023ada4948"
 [2.0.x] Fixed #29212 -- Doc'd redirect loop if @permission_required used
 with redirect_authenticated_user.

 Backport of df90e462d91d3a77aa89b69d791bf17c2bf7ff9b from master
 }}}

--
Ticket URL: <https://code.djangoproject.com/ticket/29212#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

--
You received this message because you are subscribed to the Google Groups "Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To post to this group, send email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/065.4e847e2529c2f27d6fe0bfc1b35d6b98%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.