44from django .utils import httpwrappers
55from django .utils .html import escape
66from django .utils .translation import gettext_lazy
7- import base64 , datetime , md5
8- import cPickle as pickle
7+ import base64 , datetime
98
109ERROR_MESSAGE = gettext_lazy ("Please enter a correct username and password. Note that both fields are case-sensitive." )
1110LOGIN_FORM_KEY = 'this_is_the_login_form'
1211
1312def _display_login_form (request , error_message = '' ):
1413 request .session .set_test_cookie ()
15- if request .POST and request .POST .has_key ('post_data' ):
16- # User has failed login BUT has previously saved post data.
17- post_data = request .POST ['post_data' ]
18- elif request .POST :
19- # User's session must have expired; save their post data.
20- post_data = _encode_post_data (request .POST )
21- else :
22- post_data = _encode_post_data ({})
2314 return render_to_response ('admin/login' , {
2415 'title' : _ ('Log in' ),
2516 'app_path' : escape (request .path ),
26- 'post_data' : post_data ,
2717 'error_message' : error_message
2818 }, context_instance = DjangoContext (request ))
2919
30- def _encode_post_data (post_data ):
31- pickled = pickle .dumps (post_data )
32- pickled_md5 = md5 .new (pickled + SECRET_KEY ).hexdigest ()
33- return base64 .encodestring (pickled + pickled_md5 )
34-
35- def _decode_post_data (encoded_data ):
36- encoded_data = base64 .decodestring (encoded_data )
37- pickled , tamper_check = encoded_data [:- 32 ], encoded_data [- 32 :]
38- if md5 .new (pickled + SECRET_KEY ).hexdigest () != tamper_check :
39- from django .core .exceptions import SuspiciousOperation
40- raise SuspiciousOperation , "User may have tampered with session cookie."
41- return pickle .loads (pickled )
42-
4320def staff_member_required (view_func ):
4421 """
4522 Decorator for views that checks that the user is logged in and is a staff
@@ -48,18 +25,14 @@ def staff_member_required(view_func):
4825 def _checklogin (request , * args , ** kwargs ):
4926 if not request .user .is_anonymous () and request .user .is_staff :
5027 # The user is valid. Continue to the admin page.
51- if request .POST .has_key ('post_data' ):
52- # User must have re-authenticated through a different window
53- # or tab.
54- request .POST = _decode_post_data (request .POST ['post_data' ])
5528 return view_func (request , * args , ** kwargs )
5629
5730 assert hasattr (request , 'session' ), "The Django admin requires session middleware to be installed. Edit your MIDDLEWARE_CLASSES
8000
setting to insert 'django.middleware.sessions.SessionMiddleware'."
5831
5932 # If this isn't already the login page, display it.
6033 if not request .POST .has_key (LOGIN_FORM_KEY ):
6134 if request .POST :
62- message = _ ("Please log in again, because your session has expired. Don't worry: Your submission has been saved. " )
35+ message = _ ("Please log in again, because your session has expired." )
6336 else :
6437 message = ""
6538 return _display_login_form (request , message )
@@ -91,16 +64,7 @@ def _checklogin(request, *args, **kwargs):
9164 request .session [users .SESSION_KEY ] = user .id
9265 user .last_login = datetime .datetime .now ()
9366 user .save ()
94- if request .POST .has_key ('post_data' ):
95- post_data = _decode_post_data (request .POST ['post_data' ])
96- if post_data and not post_data .has_key (LOGIN_FORM_KEY ):
97- # overwrite request.POST with the saved post_data, and continue
98- request .POST = post_data
99- request .user = user
100- return view_func (request , * args , ** kwargs )
101- else :
102- request .session .delete_test_cookie ()
103- return httpwrappers .HttpResponseRedirect (request .path )
67+ return httpwrappers .HttpResponseRedirect (request .path )
10468 else :
10569 return _display_login_form (request , ERROR_MESSAGE )
10670