	Fixed a KeyError on login with legacy sessions; refs #21649.
Thanks Loic for the report.
		| @@ -86,7 +86,7 @@ def login(request, user): | ||||
|     if SESSION_KEY in request.session: | ||||
|         if request.session[SESSION_KEY] != user.pk or ( | ||||
|                 session_auth_hash and | ||||
|                 request.session[HASH_SESSION_KEY] != session_auth_hash): | ||||
|                 request.session.get(HASH_SESSION_KEY) != session_auth_hash): | ||||
|             # To avoid reusing another user's session, create a new, empty | ||||
|             # session if the existing session corresponds to a different | ||||
|             # authenticated user. | ||||
|   | ||||
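Review bot: The missing-key case on the new `request.session.get(HASH_SESSION_KEY) != session_auth_hash` line is handled only implicitly: `.get()` returns `None`, which never equals a non-empty hash, so a legacy session counts as a mismatch and is replaced. That is the safe direction, but the existing comment only mentions a different authenticated user; I would extend it with `# A session with no stored auth hash (a legacy session) also counts as a mismatch and is replaced.` As a hardening follow-up, the two hashes could be compared with `django.utils.crypto.constant_time_compare` instead of `!=`, passing `''` as the `.get()` default. The body of login() starts and ends outside this hunk.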
| @@ -594,6 +594,22 @@ class LoginTest(AuthViewsTestCase): | ||||
|         self.login(password='foobar') | ||||
|         self.assertNotEqual(original_session_key, self.client.session.session_key) | ||||
|  | ||||
|     def test_login_session_without_hash_session_key(self): | ||||
|         """ | ||||
|         Session without django.contrib.auth.HASH_SESSION_KEY should login | ||||
|         without an exception. | ||||
|         """ | ||||
|         user = User.objects.get(username='testclient') | ||||
|         engine = import_module(settings.SESSION_ENGINE) | ||||
|         session = engine.SessionStore() | ||||
|         session[SESSION_KEY] = user.id | ||||
|         session.save() | ||||
|         original_session_key = session.session_key | ||||
|         self.client.cookies[settings.SESSION_COOKIE_NAME] = original_session_key | ||||
|  | ||||
|         self.login() | ||||
|         self.assertNotEqual(original_session_key, self.client.session.session_key) | ||||
|  | ||||
|  | ||||
| @skipIfCustomUser | ||||
| class LoginURLSettings(AuthViewsTestCase): | ||||
|   | ||||
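Review bot: The docstring of `test_login_session_without_hash_session_key` says only that login must not raise, while the final `assertNotEqual` is what pins the security-relevant behaviour: a session carrying `SESSION_KEY` but no auth hash must not be reused. I would state that in the docstring, e.g. `Session without django.contrib.auth.HASH_SESSION_KEY should login without an exception and be given a new session key.` The test also seeds the session with `user.id` while login() compares against `user.pk`; writing `session[SESSION_KEY] = user.pk` would keep the two consistent.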