mirror of https://github.com/django/django.git synced 2025-10-23 21:59:11 +00:00

Fixed a KeyError on login with legacy sessions; refs #21649.

Thanks Loic for the report.
Tim Graham
2014-04-10 08:03:50 -04:00
parent ecff136f69
commit 11e30b684d
2 changed files with 17 additions and 1 deletions


@@ -86,7 +86,7 @@ def login(request, user):
if SESSION_KEY in request.session: if SESSION_KEY in request.session:
if request.session[SESSION_KEY] != user.pk or ( if request.session[SESSION_KEY] != user.pk or (
session_auth_hash and session_auth_hash and
request.session[HASH_SESSION_KEY] != session_auth_hash): request.session.get(HASH_SESSION_KEY) != session_auth_hash):
# To avoid reusing another user's session, create a new, empty # To avoid reusing another user's session, create a new, empty
# session if the existing session corresponds to a different # session if the existing session corresponds to a different
# authenticated user. # authenticated user.
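Review bot: The stored session auth hash is still compared with `!=` on the changed line, which is not a constant-time comparison for what is presumably a secret-derived digest. If `constant_time_compare` from `django.utils.crypto` is usable in this module (the imports are outside the hunk), the condition could read `not constant_time_compare(request.session.get(HASH_SESSION_KEY, ''), session_auth_hash)`. The `.get()` makes a session with no stored hash compare unequal, so going by the comment that follows it is replaced with a new empty session and not reused; a short comment such as `# A legacy session with no stored hash is treated as a mismatch.` would keep that fail-closed choice visible. The body of `login` continues outside the hunk.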


@@ -594,6 +594,22 @@ class LoginTest(AuthViewsTestCase):
self.login(password='foobar') self.login(password='foobar')
self.assertNotEqual(original_session_key, self.client.session.session_key) self.assertNotEqual(original_session_key, self.client.session.session_key)
def test_login_session_without_hash_session_key(self):
"""
Session without django.contrib.auth.HASH_SESSION_KEY should login
without an exception.
"""
user = User.objects.get(username='testclient')
engine = import_module(settings.SESSION_ENGINE)
session = engine.SessionStore()
session[SESSION_KEY] = user.id
session.save()
original_session_key = session.session_key
self.client.cookies[settings.SESSION_COOKIE_NAME] = original_session_key
self.login()
self.assertNotEqual(original_session_key, self.client.session.session_key)
@skipIfCustomUser @skipIfCustomUser
class LoginURLSettings(AuthViewsTestCase): class LoginURLSettings(AuthViewsTestCase):
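Review bot: `test_login_session_without_hash_session_key` asserts only that the session key changed, so it would still pass if the replacement session were also written without a hash. Adding `self.assertIn(HASH_SESSION_KEY, self.client.session)` after the final assertion would pin that the legacy session is upgraded, assuming the test user provides a session auth hash and `HASH_SESSION_KEY` is imported in this test module (neither is visible here). The test also stores `user.id` where `login` compares against `user.pk`; using `user.pk` would keep the two in step.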