diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 854f4d3b1..60b8ec886 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -7,6 +7,7 @@ Changelog * Added support for Django 2.1 (Ryan Verner, Matt Westcott) * Added 'scale' image filter (Oliver Wilkerson) * Added meta tag to prevent search engines from indexing admin pages (Karl Hobley) + * Fix: Respect next param on login (Loic Teixeira) 2.2 (10.08.2018) diff --git a/docs/releases/2.3.rst b/docs/releases/2.3.rst index 8fb10bbbb..5da9afcc6 100644 --- a/docs/releases/2.3.rst +++ b/docs/releases/2.3.rst @@ -29,5 +29,7 @@ Other features Bug fixes ~~~~~~~~~ + * Respect next param on login (Loic Teixeira) + Upgrade considerations ====================== diff --git a/wagtail/admin/tests/test_views.py b/wagtail/admin/tests/test_views.py new file mode 100644 index 000000000..9d983c60b --- /dev/null +++ b/wagtail/admin/tests/test_views.py @@ -0,0 +1,52 @@ +from django.test import TestCase +from django.urls import reverse + +from wagtail.core.models import Page +from wagtail.tests.utils import WagtailTestUtils + + +class TestLoginView(TestCase, WagtailTestUtils): + fixtures = ['test.json'] + + def setUp(self): + self.user = self.create_test_user() + self.homepage = Page.objects.get(url_path='/home/') + + def test_success_redirect(self): + response = self.client.post(reverse('wagtailadmin_login'), { + 'username': 'test@email.com', + 'password': 'password', + }) + self.assertRedirects(response, reverse('wagtailadmin_home')) + + def test_success_redirect_honour_redirect_get_parameter(self): + homepage_admin_url = reverse('wagtailadmin_pages:edit', args=[self.homepage.pk]) + login_url = reverse('wagtailadmin_login') + '?next={}'.format(homepage_admin_url) + response = self.client.post(login_url, { + 'username': 'test@email.com', + 'password': 'password', + }) + self.assertRedirects(response, homepage_admin_url) + + def test_success_redirect_honour_redirect_post_parameter(self): + homepage_admin_url = reverse('wagtailadmin_pages:edit', args=[self.homepage.pk]) + response = self.client.post(reverse('wagtailadmin_login'), { + 'username': 'test@email.com', + 'password': 'password', + 'next': homepage_admin_url, + }) + self.assertRedirects(response, homepage_admin_url) + + def test_already_authenticated_redirect(self): + self.client.login(username='test@email.com', password='password') + + response = self.client.get(reverse('wagtailadmin_login')) + self.assertRedirects(response, reverse('wagtailadmin_home')) + + def test_already_authenticated_redirect_honour_redirect_get_parameter(self): + self.client.login(username='test@email.com', password='password') + + homepage_admin_url = reverse('wagtailadmin_pages:edit', args=[self.homepage.pk]) + login_url = reverse('wagtailadmin_login') + '?next={}'.format(homepage_admin_url) + response = self.client.get(login_url) + self.assertRedirects(response, homepage_admin_url) diff --git a/wagtail/admin/views/account.py b/wagtail/admin/views/account.py index 34fa86ace..2a385b324 100644 --- a/wagtail/admin/views/account.py +++ b/wagtail/admin/views/account.py @@ -203,7 +203,7 @@ class LoginView(auth_views.LoginView): template_name = 'wagtailadmin/login.html' def get_success_url(self): - return reverse('wagtailadmin_home') + return self.get_redirect_url() or reverse('wagtailadmin_home') def get(self, *args, **kwargs): # If user is already logged in, redirect them to the dashboard