[3.2.x] Fixed #32754 -- Made AdminSite.catch_all_view() respect SCRIPT_NAME.

Regression in ba31b01034. Backport of f7691d4812 from main
2025-10-26 07:06:08 +00:00 · 2021-05-17 13:21:50 +02:00
parent cb91b2d9e3
commit ce78bc9808
3 changed files with 41 additions and 4 deletions
--- a/django/contrib/admin/sites.py
+++ b/django/contrib/admin/sites.py
@@ -420,14 +420,13 @@ class AdminSite:
    def catch_all_view(self, request, url):
        if settings.APPEND_SLASH and not url.endswith('/'):
            urlconf = getattr(request, 'urlconf', None)
-            path = '%s/' % request.path_info
            try:
-                match = resolve(path, urlconf)
+                match = resolve('%s/' % request.path_info, urlconf)
            except Resolver404:
                pass
            else:
                if getattr(match.func, 'should_append_slash', True):
-                    return HttpResponsePermanentRedirect(path)
+                    return HttpResponsePermanentRedirect('%s/' % request.path)
        raise Http404

    def _build_app_dict(self, request, label=None):
--- a/docs/releases/3.2.4.txt
+++ b/docs/releases/3.2.4.txt
@@ -9,4 +9,6 @@ Django 3.2.4 fixes several bugs in 3.2.3.
 Bugfixes
 ========

-* ...
+* Fixed a bug in Django 3.2 where a final catch-all view in the admin didn't
+  respect the server-provided value of ``SCRIPT_NAME`` when redirecting
+  unauthenticated users to the login page (:ticket:`32754`).
--- a/tests/admin_views/tests.py
+++ b/tests/admin_views/tests.py
@@ -6599,6 +6599,42 @@ class AdminSiteFinalCatchAllPatternTests(TestCase):
        response = self.client.get(known_url[:-1])
        self.assertRedirects(response, known_url, status_code=301, target_status_code=403)

+    @override_settings(APPEND_SLASH=True)
+    def test_missing_slash_append_slash_true_script_name(self):
+        superuser = User.objects.create_user(
+            username='staff',
+            password='secret',
+            email='staff@example.com',
+            is_staff=True,
+        )
+        self.client.force_login(superuser)
+        known_url = reverse('admin:admin_views_article_changelist')
+        response = self.client.get(known_url[:-1], SCRIPT_NAME='/prefix/')
+        self.assertRedirects(
+            response,
+            '/prefix' + known_url,
+            status_code=301,
+            fetch_redirect_response=False,
+        )
+
+    @override_settings(APPEND_SLASH=True, FORCE_SCRIPT_NAME='/prefix/')
+    def test_missing_slash_append_slash_true_force_script_name(self):
+        superuser = User.objects.create_user(
+            username='staff',
+            password='secret',
+            email='staff@example.com',
+            is_staff=True,
+        )
+        self.client.force_login(superuser)
+        known_url = reverse('admin:admin_views_article_changelist')
+        response = self.client.get(known_url[:-1])
+        self.assertRedirects(
+            response,
+            '/prefix' + known_url,
+            status_code=301,
+            fetch_redirect_response=False,
+        )
+
    @override_settings(APPEND_SLASH=True)
    def test_missing_slash_append_slash_true_non_staff_user(self):
        user = User.objects.create_user(