diff options
author | Aymeric Augustin <aymeric.augustin@m4x.org> | 2022-04-16 20:21:29 +0200 |
---|---|---|
committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2022-04-20 10:04:29 +0200 |
commit | 04bc2564b6e0a1a0f75bb5f015e47c96c86fa0be (patch) | |
tree | 4432ad31cbdb02c5cbfcfa8bbaecc05cd5c1ed40 /tests/auth_tests | |
parent | 5fcd9b8c3383e2ab20c1573b44131105654b99d0 (diff) | |
download | django-04bc2564b6e0a1a0f75bb5f015e47c96c86fa0be.tar.gz |
Simplified LogoutView.get_success_url().
This preserves the behavior of redirecting to the logout URL without
query string parameters when an insecure ?next=... parameter is given.
It changes the behavior of a POST to the logout URL, as shown by the
test that is changed. Currently, this results in a GET to the logout
URL. However, such GET requests are deprecated. This change would be
necessary in Django 5.0 anyway. This commit merely anticipates it.
Diffstat (limited to 'tests/auth_tests')
-rw-r--r-- | tests/auth_tests/test_views.py | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py index dbff931753..86424636b7 100644 --- a/tests/auth_tests/test_views.py +++ b/tests/auth_tests/test_views.py @@ -984,6 +984,8 @@ class LogoutThenLoginTests(AuthViewsTestCase): csrf_token = get_token(req) req.COOKIES[settings.CSRF_COOKIE_NAME] = csrf_token req.POST = {"csrfmiddlewaretoken": csrf_token} + req.META["SERVER_NAME"] = "testserver" + req.META["SERVER_PORT"] = 80 req.session = self.client.session response = logout_then_login(req) self.confirm_logged_out() @@ -996,6 +998,8 @@ class LogoutThenLoginTests(AuthViewsTestCase): csrf_token = get_token(req) req.COOKIES[settings.CSRF_COOKIE_NAME] = csrf_token req.POST = {"csrfmiddlewaretoken": csrf_token} + req.META["SERVER_NAME"] = "testserver" + req.META["SERVER_PORT"] = 80 req.session = self.client.session response = logout_then_login(req, login_url="/custom/") self.confirm_logged_out() @@ -1007,6 +1011,8 @@ class LogoutThenLoginTests(AuthViewsTestCase): self.login() req = HttpRequest() req.method = "GET" + req.META["SERVER_NAME"] = "testserver" + req.META["SERVER_PORT"] = 80 req.session = self.client.session response = logout_then_login(req) # RemovedInDjango50Warning: When the deprecation ends, replace with @@ -1345,7 +1351,8 @@ class LogoutTest(AuthViewsTestCase): def test_logout_redirect_url_named_setting(self): self.login() response = self.client.post("/logout/") - self.assertRedirects(response, "/logout/", fetch_redirect_response=False) + self.assertContains(response, "Logged out") + self.confirm_logged_out() def get_perm(Model, perm): |