Changeset 8791


Timestamp:
30/08/13 17:07:18 (5 years ago)
Author:
mnagni
Message:

Incomplete - # 22737: [CEDA Site Python Port] Resource Registration - Make Agreement Docs PDFs
 http://team.ceda.ac.uk/trac/ceda/ticket/22737
Incomplete - # 22802: [CEDA Site Python Port] Login - no message is displayed when the user enters the wrong password
 http://team.ceda.ac.uk/trac/ceda/ticket/22802

Implements the "Reset Password" functionality

Location:
mauRepo/dj_security/trunk
Files:
2 added
9 edited

  • mauRepo/dj_security/trunk/README

    r8760 r8791  
    11dj_security is a Django based application which should be deployed as  
    22authentication service. It validates a user identity adding to the 
    3 response a cookie called 'auth_tkt' generated by the paste's authentication 
    4 module. 
     3response a cookie named after the AUTH_TKT parameter generated  
     4by the paste's authentication module. 
    55The application assume that a django.User model is used, as consequence inside 
    6 the auth_tkt are encoded, inside the user_data parameter, information regarding  
     6the AUTH_TKT are encoded, inside the user_data parameter, information regarding  
    77the name, email, user/group roles, etc owned by the authenticated user.  
    88'user_data' has a JSON encoding format. 
     
    1212The application contains a few configurable parameters concentrate in settings.py 
    1313 
    14 1) SHARED_SECRET: the secret key used to encrypt the generated 'auth_tkt' cookie 
     141) SECURITY_SHAREDSECRET (optional, default='sharedsecret') to specify  
     15the secret key used by the authentication service to encrypt the AUTH_TKT cookie 
     16 
    15172) the deafult dataset 'DB_xxx' parameters, that is: 
    1618'ENGINE':   'DB_ENGINE',  
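
Review bot: item 1 documents SECURITY_SHAREDSECRET as optional with default='sharedsecret', so a deployment that omits the setting protects every AUTH_TKT cookie with a value that is published in this README. Document the setting as required, and have the service refuse to start without it, rather than advertising a fallback. In item 2, 'deafult' should be 'default'.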
     
    2022'HOST':     'DB_HOST', 
    2123'PORT':     'DB_PORT', 
     24 
    22253) NOT_ENCODE: the names in this list will be NOT encoded in the returned cookie 
    23 4) COOKIE_DOMAIN (optional): the domain where the auth_tkt will belong  
    24 [default = where dj_security is deployed] 
    25 5) REDIRECT_URL (optional): the parameter used by the client application 
    26 to specify where redirect the user whenever the authentication succeed 
    27 [default = 'r']  
    28 6) FAKE_RESPONSE (optional): if set to 'True' returns a fake authentication cookies. 
     26 
     274) COOKIE_DOMAIN (optional, default=None): the domain where the AUTH_TKT will belong 
     28 
     295) FAKE_RESPONSE (optional): if set to 'True' returns a fake authentication cookies. 
    2930Only for development purposes. 
    3031 
     326) CC_RESET_PASSWORD (optional, default=[]): the email(s) used to inform a manager(s) that a user  
     33required to reset his/her password 
    3134 
    32 Application layout is based on Mezzanine and has its core in the cedatheme_mf54 module. 
    33 Here the cedatheme_mf54.templates.pages.dropdown.html has been modified in order to include 
    34  login/logout buttons. Such buttons require some parameters to be visible/enabled and as such  
    35  have to be passed to the django rendering context. 
     357) REDIRECT_FIELD_NAME (optional, default='r'): the parameter used by the client application 
     36to specify where redirect the user whenever the authentication succeed  
     37 
     388) TOKEN_FIELD_NAME (optional, default='t'): the parameter returned to the client application 
     39specifying a random generated token for user password reset (it is stored in userdb.tbusers.reset_token)  
     40 
     419) AUTH_TKT (optional, default='auth_tkt'): the name of the cookie generated after the authentication succeed 
     42 
     43 
    3644----> LOGOUT 
    3745- accountid: if present the LOGOUT button appears 
    38 - home: is used by a {%url home%} to redirect the user after the logout  
     46- home: is used by a {%url home%} to redirect the user after the logout 
     47 
     48 
    3949     
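
Review bot: item 9 names the setting AUTH_TKT, but auth_tkt_name() in dj_security/__init__.py reads 'AUTH_TKT_NAME', so an operator who follows the README gets the default cookie name without any error. Use one name in both places. Item 8 says the reset token is stored in userdb.tbusers.reset_token; the README should also state how long a token stays valid and whether it is single use, since nothing in this file says so.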
  • mauRepo/dj_security/trunk/dj_security/__init__.py

    r8788 r8791  
    11__version__ = '0.0.3' 
     2 
     3from django.core.mail.message import EmailMultiAlternatives 
     4import smtplib 
     5import logging 
     6from django.conf import settings 
     7 
     8 
     9# Get an instance of a logger 
     10LOGGER = logging.getLogger(__name__) 
     11 
     12def cookie_domain(): 
     13    return getattr(settings, 'COOKIE_DOMAIN', None) 
     14 
     15def reset_password(): 
     16    return getattr(settings, 'CC_RESET_PASSWORD', []) 
     17 
     18def _redirect_field_name(): 
     19    return getattr(settings, 'REDIRECT_FIELD_NAME', 'r') 
     20 
     21def _token_field_name(): 
     22    return getattr(settings, 'TOKEN_FIELD_NAME', 't') 
     23 
     24def auth_tkt_name(): 
     25    return getattr(settings, 'AUTH_TKT_NAME', 'auth_tkt') 
     26 
     27def shared_secret(): 
     28    return getattr(settings, 'SECURITY_SHAREDSECRET', 'sharedsecret') 
     29 
     30def ds_send_mail(mail_subject, msg, mail_from, to_email,  
     31                 log_msgs = [], attachments = None, send_html=True, cc=None): 
     32    ''' 
     33    **attachment** is a list of triples (filename, content, mimetype) 
     34    ''' 
     35    try:         
     36        email = EmailMultiAlternatives(mail_subject,  
     37                                       msg,  
     38                                       mail_from,  
     39                                       to_email, 
     40                                       cc=cc) 
     41        if attachments: 
     42            for att in attachments: 
     43                email.attach(att[0], att[1], att[2]) 
     44         
     45        if send_html:         
     46            html_msg = "<html><head></head><body>" + msg + "</body></html>" 
     47            email.attach_alternative(html_msg, "text/html") 
     48                            
     49                 
     50        email.message().as_string() 
     51        email.send()         
     52    except smtplib.SMTPException: 
     53        for lmsg in log_msgs: 
     54            LOGGER.error("Error sending email %s" % lmsg) 
     55    for lmsg in log_msgs: 
     56        LOGGER.info(lmsg) 
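
Review bot: in ds_send_mail the except branch logs the failure and then falls through to the final loop, which writes every log_msgs entry at INFO as if the mail had gone out, and the function returns None either way, so the reset-password caller cannot tell that nothing was sent. Return a success flag (or re-raise) and move the INFO loop into an else clause. Also, log_msgs = [] is a mutable default argument, the result of email.message().as_string() on line 50 is discarded, and msg is concatenated into html_msg without escaping, which matters if the body ever carries user-supplied text.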
  • mauRepo/dj_security/trunk/dj_security/exception.py

    r8707 r8791  
    4848        self.value = value 
    4949    def __str__(self): 
    50         return self.value      
     50        return self.value 
     51     
     52class PasswordNotMaches(DJSException): 
     53    """ 
     54        Declares that the user provided a wrong password  
     55    """     
     56    def __init__(self, value): 
     57        self.value = value 
     58    def __str__(self): 
     59        return self.value          
     60     
     61class LoginError(DJSException): 
     62    """ 
     63        Declares that a wrong username/password  
     64    """     
     65    def __init__(self, value): 
     66        self.value = value 
     67    def __str__(self): 
     68        return self.value     
     69class UserNotFound(DJSException): 
     70    """ 
     71        Declares that the username does not exist  
     72    """     
     73    def __init__(self, value): 
     74        self.value = value 
     75    def __str__(self): 
     76        return self.value 
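
Review bot: the new class name PasswordNotMaches is misspelled (PasswordNotMatches), and it is already imported under that name in views/dj_security_login.py, so it is cheaper to fix now than after more callers appear. PasswordNotMaches, LoginError and UserNotFound repeat the same __init__ and __str__; define them once on DJSException and leave the subclasses with only their docstrings. LoginError is added here but nothing visible in this changeset raises it.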
  • mauRepo/dj_security/trunk/dj_security/middleware.py

    r8779 r8791  
    4242import base64 
    4343import logging 
     44from dj_security import auth_tkt_name, cookie_domain 
    4445 
    4546# Get an instance of a logger 
     
    130131                                      request.path])) 
    131132 
     133def _generate_auth_cookie(user, remote_ip, response): 
     134    token = AuthTicket( 
     135            getattr(settings, 'SHARED_SECRET', 'sharedsecret'),  
     136            user.accountid,  
     137            remote_ip,  
     138            user_data = '{"userkey": "%s", "accountid": "%s"}'  
     139            % (user.userkey, getattr("user", "accountid", "NotAssigned")))                
     140    LOGGER.info("Created authTicket for %s from %s" % (user.accountid, remote_ip)) 
     141    response.set_cookie(auth_tkt_name(),  
     142                        token.cookie_value(),  
     143                        domain = cookie_domain()) 
     144    LOGGER.debug("Set authTicket in response for %s from %s to domain %s"  
     145                 % (user.accountid, remote_ip, cookie_domain())) 
     146    return response 
     147 
    132148def _encode_authenticated_response(request, response, redirect_to, user): 
    133149    #def_r = _get_path_to_host(request) 
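
Review bot: in _generate_auth_cookie, getattr("user", "accountid", "NotAssigned") is called on the string literal "user" rather than on the user object, so the accountid field in user_data is always "NotAssigned"; pass user instead. The function also reads getattr(settings, 'SHARED_SECRET', 'sharedsecret') although this changeset adds shared_secret() and documents SECURITY_SHAREDSECRET, so a secret configured under the documented name is ignored here. Building user_data with % formatting produces invalid JSON if userkey contains a quote; json.dumps avoids that. response.set_cookie is called without secure or httponly.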
     
    139155    remote_ip = _calculate_remote_ip(redirect_to) 
    140156    LOGGER.info("responding to remote_ip: %s" % (remote_ip))       
    141     #user = get_user_byuserkey(request.session[SESSION_KEY]) 
    142      
    143     '''   
    144     if request.session.has_key('openid'): 
    145         username = request.session.get('openid').openid 
    146         request.user = get_user_byopenid(username) 
    147     elif hasattr(request, 'user'): 
    148     '''     
    149      
    150     token = AuthTicket( 
    151                 getattr(settings, 'SHARED_SECRET', 'sharedsecret'),  
    152                 user.accountid,  
    153                 remote_ip,  
    154                 user_data = '{"userkey": "%s", "accountid": "%s"}'  
    155                 % (user.userkey, getattr("user", "accountid", "NotAssigned")))                
    156     LOGGER.info("Created authTicket for %s from %s" % (user.accountid, remote_ip)) 
    157     idomain = getattr(settings, 'COOKIE_DOMAIN', None) 
    158     response.set_cookie('auth_tkt',  
    159                         token.cookie_value(),  
    160                         domain = idomain) 
    161     LOGGER.debug("Set authTicket in response for %s from %s to domain %s"  
    162                  % (user.accountid, remote_ip, idomain)) 
    163     return response 
     157    return _generate_auth_cookie(user, remote_ip, response)         
  • mauRepo/dj_security/trunk/dj_security/static/css/openid.css

    r8790 r8791  
    7373} 
    7474 
     75.messages { 
     76        font-family: Verdana,Arial,sans-serif; 
     77        padding: 0px 0px 20px 0px; 
     78} 
     79 
    7580td{ 
    7681        border-collapse:collapse; 
  • mauRepo/dj_security/trunk/dj_security/templates/signin.html

    r8790 r8791  
    3030 
    3131{% if messages %} 
    32 <ul class="messages"> 
     32<ul class="messages" style="color: #FF0000;"> 
    3333    {% for message in messages %} 
    3434    <li{% if message.tags %} class="{{ message.tags }}"{% endif %}>{{ message }}</li> 
    3535    {% endfor %} 
    3636</ul> 
    37 {% endif %} 
    38 <!-- 
    39 {% if form2.errors %} 
    40 <div class="errors"><p>{% trans "Please correct errors below:" %}<br /> 
    41  
    42 </p></div> 
    43 <br> 
    44 {% endif %} 
    45 --> 
     37{% endif %}  
    4638 
    4739{% if form1.errors %} 
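
Review bot: the style="color: #FF0000;" attribute on <ul class="messages"> hard-codes the colour in the template while the same changeset adds a .messages rule to static/css/openid.css. Move the colour into a stylesheet rule, using a separate class because the "Problems logging on?" div at the end of this template reuses .messages and should not turn red.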
     
    5850        <form id="auth_form" name="auth_form" action="{% url user_signin %}" method="post"> 
    5951                {% csrf_token %} 
    60                 <input type="hidden" name="r" value="{{ r }}" /> 
    6152                <table> 
    6253                        <tr> 
     
    7970                                        {{ form2.password }} 
    8071                                </td> 
     72                                <td class="input_value"> 
     73                                        <a href='{% url user_reset_passwd %}'>Forgot your password?</a> 
     74                                </td> 
     75                                 
    8176                                </tr>                                    
    8277                </table>                 
     
    109104        </div> 
    110105</div>   
     106 
     107<div class="messages"> 
     108Problems logging on? Contact <a href="http://badc.nerc.ac.uk/help/contact.html">BADC</a> support for help 
     109</div> 
    111110{% endblock %} 
    112111 
  • mauRepo/dj_security/trunk/dj_security/urls.py

    r8789 r8791  
    66    signin_success, signin_failure 
    77from django_authopenid import views as oid_views 
     8from dj_security.views.reset_password import reset_passwd 
    89 
    910admin.autodiscover() 
     
    2930   (r'^account/register/$', 'logged_in'),    
    3031   ("^admin/", include(admin.site.urls)), 
    31     
    32       # We don't want to presume how your homepage works, so here are a 
    33     # few patterns you can use to set it up. 
    3432 
    35     # HOMEPAGE AS STATIC TEMPLATE 
    36     # --------------------------- 
    37     # This pattern simply loads the index.html template. It isn't 
    38     # commented out like the others, so it's the default. You only need 
    39     # one homepage pattern, so if you use a different one, comment this 
    40     # one out. 
    41  
    42  
    43     # HOMEPAGE AS AN EDITABLE PAGE IN THE PAGE TREE 
    44     # --------------------------------------------- 
    45     # This pattern gives us a normal ``Page`` object, so that your 
    46     # homepage can be managed via the page tree in the admin. If you 
    47     # use this pattern, you'll need to create a page in the page tree, 
    48     # and specify its URL (in the Meta Data section) as "/", which 
    49     # is the value used below in the ``{"slug": "/"}`` part. Make 
    50     # sure to uncheck all templates for the "show in menus" field 
    51     # when you create the page, since the link to the homepage is 
    52     # always hard-coded into all the page menus that display navigation 
    53     # on the site. Also note that the normal rule of adding a custom 
    54     # template per page with the template name using the page's slug 
    55     # doesn't apply here, since we can't have a template called 
    56     # "/.html" - so for this case, the template "pages/index.html" can 
    57     # be used. 
    58  
    59     # url("^$", "mezzanine.pages.views.page", {"slug": "/"}, name="home"), 
    60  
    61     # HOMEPAGE FOR A BLOG-ONLY SITE 
    62     # ----------------------------- 
    63     # This pattern points the homepage to the blog post listing page, 
    64     # and is useful for sites that are primarily blogs. If you use this 
    65     # pattern, you'll also need to set BLOG_SLUG = "" in your 
    66     # ``settings.py`` module, and delete the blog page object from the 
    67     # page tree in the admin if it was installed. 
    68  
    69     # url("^$", "mezzanine.blog.views.blog_post_list", name="home"), 
    70  
    71     # MEZZANINE'S URLS 
    72     # ---------------- 
    73     # ADD YOUR OWN URLPATTERNS *ABOVE* THE LINE BELOW. 
    74     # ``mezzanine.urls`` INCLUDES A *CATCH ALL* PATTERN 
    75     # FOR PAGES, SO URLPATTERNS ADDED BELOW ``mezzanine.urls`` 
    76     # WILL NEVER BE MATCHED! 
    77  
    78     # If you'd like more granular control over the patterns in 
    79     # ``mezzanine.urls``, go right ahead and take the parts you want 
    80     # from it, and use them directly below instead of using 
    81     # ``mezzanine.urls``. 
    82     #("^", include("mezzanine.urls")), 
    83  
    84     # MOUNTING MEZZANINE UNDER A PREFIX 
    85     # --------------------------------- 
    86     # You can also mount all of Mezzanine's urlpatterns under a 
    87     # URL prefix if desired. When doing this, you need to define the 
    88     # ``SITE_PREFIX`` setting, which will contain the prefix. Eg: 
    89     # SITE_PREFIX = "my/site/prefix" 
    90     # For convenience, and to avoid repeating the prefix, use the 
    91     # commented out pattern below (commenting out the one above of course) 
    92     # which will make use of the ``SITE_PREFIX`` setting. Make sure to 
    93     # add the import ``from django.conf import settings`` to the top 
    94     # of this file as well. 
    95     # Note that for any of the various homepage patterns above, you'll 
    96     # need to use the ``SITE_PREFIX`` setting as well. 
    97  
     33    url(r'^reset_passwd/$', reset_passwd, name='user_reset_passwd', 
     34        kwargs={'template_name': 'reset_password.html'}), 
     35                         
    9836    url(r'^account/signin/$', signin, name='user_signin',  
    9937        kwargs={'auth_form':CEDAAuthenticationForm,  
    10038                'template_name': 'signin.html', 'redirect_field_name': 'r', 
    10139                'on_failure': signin_failure}), 
     40                         
    10241    url(r'^account/signin/complete/$', oid_views.complete_signin, name='user_complete_signin',  
    103         kwargs={'on_success': signin_success, 'redirect_field_name': 'r'}),                         
     42        kwargs={'on_success': signin_success, 'redirect_field_name': 'r'}), 
     43                                                 
    10444    #(r'^accounts/profile/$', 'logged_in'), 
    10545    #(r'^locally_logged_in/$', 'locally_logged_in'), 
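
Review bot: the user_signin and user_complete_signin patterns still pass 'redirect_field_name': 'r' as a literal, while the views in this changeset key the session on _redirect_field_name(). With REDIRECT_FIELD_NAME set to anything other than 'r', signin would store the target under 'r' and the session-flush code would look it up under the configured name. Pass _redirect_field_name() here, or drop the kwarg so the view default applies.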
  • mauRepo/dj_security/trunk/dj_security/views/__init__.py

    r8650 r8791  
     1from django.core.context_processors import csrf 
     2from django.template.context import RequestContext 
     3from django.shortcuts import render_to_response 
     4 
     5def mm_render_to_response(request, context, page_to_render): 
     6    """ 
     7    Exploits a 'render_to_response' action. The advantage of this method 
     8    is to contains a number of operations that are expected to be  called 
     9    for each page rendering, for example passing the application version number 
     10      
     11    **Parameters**             
     12        * HttpRequest_ **request** 
     13            a django HttpRequest instance        
     14        * `dict` **context** 
     15            a dictionary where to pass parameter to the rendering function    
     16        * `string` **page_to_render** 
     17            the html page to render                          
     18    """ 
     19    if context is None or not isinstance(context, dict): 
     20        raise Exception("Cannot render an empty context") 
     21     
     22    #context['version'] = assemble_version() 
     23    context.update(csrf(request)) 
     24    rcontext = RequestContext(request, context) 
     25    return render_to_response(page_to_render, rcontext) 
  • mauRepo/dj_security/trunk/dj_security/views/dj_security_login.py

    r8789 r8791  
    11''' 
     2BSD Licence 
     3Copyright (c) 2012, Science & Technology Facilities Council (STFC) 
     4All rights reserved. 
     5 
     6Redistribution and use in source and binary forms, with or without modification,  
     7are permitted provided that the following conditions are met: 
     8 
     9    * Redistributions of source code must retain the above copyright notice,  
     10        this list of conditions and the following disclaimer. 
     11    * Redistributions in binary form must reproduce the above copyright notice, 
     12        this list of conditions and the following disclaimer in the documentation 
     13        and/or other materials provided with the distribution. 
     14    * Neither the name of the Science & Technology Facilities Council (STFC)  
     15        nor the names of its contributors may be used to endorse or promote  
     16        products derived from this software without specific prior written permission. 
     17 
     18THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"  
     19AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,  
     20THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR  
     21PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS 
     22BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,  
     23OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF  
     24SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
     25HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 
     26OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE  
     27OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
    228Created on 29 Oct 2012 
    329 
    430@author: mnagni 
    531''' 
    6 from django.contrib.auth import authenticate, REDIRECT_FIELD_NAME, \ 
    7     SESSION_KEY 
     32from django.contrib.auth import authenticate, SESSION_KEY 
    833from django.core.context_processors import csrf 
    934from django.conf import settings 
     
    2954from django.contrib.auth.signals import user_logged_in 
    3055from django.db.utils import DatabaseError 
    31 from dj_security.exception import DSJOpenIDNotFoundError 
     56from dj_security.exception import DSJOpenIDNotFoundError, PasswordNotMaches,\ 
     57    UserNotFound 
    3258from dj_security.middleware import _encode_authenticated_response 
    3359from django.core.exceptions import ObjectDoesNotExist 
     60from dj_security import _redirect_field_name 
    3461 
    3562# Get an instance of a logger 
     
    7097                    user = User.objects.get(username, **kwargs) 
    7198                except User.DoesNotExist: 
     99                    raise UserNotFound() 
    72100                    pass 
    73101                else: 
    74                     if user.md5passwd == md5.new(password).hexdigest(): 
     102                    if user.md5passwd == md5.new(password).hexdigest():                         
    75103                        return user 
     104                    else: 
     105                        LOGGER.error("Wrong password for username: %s" % username) 
     106                        raise PasswordNotMaches() 
    76107    
    77108def get_user_byopenid(user_id): 
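
Review bot: raise UserNotFound() and raise PasswordNotMaches() are called with no arguments, but both classes are declared in exception.py with __init__(self, value), so each raise fails with a TypeError instead of the intended exception; pass a message or give value a default. The pass after raise UserNotFound() is unreachable and can go. Since the two cases are now distinguishable, make sure whatever catches them shows the same text for both (signin_failure's "Wrong username and/or password" is the right shape), otherwise the form reveals which usernames exist. The comparison on line 102 still relies on an unsalted MD5 of the password.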
     
    98129     
    99130def _encode_authenticated_response_(request, context): 
    100     redirect_parameter = getattr(settings, 'REDIRECT_URL', 'r') 
    101131    context['redirect_url'] = \ 
    102         base64.b64decode(request.session.get(redirect_parameter, '')) 
     132        base64.b64decode(request.session.get(_redirect_field_name(), '')) 
    103133    LOGGER.info("Redirecting to %s" % (context['redirect_url']))    
    104     return render('logged_in.html', context) 
     134    return render('logged_in.html', context)   
    105135 
    106136class CEDAAuthenticationForm(AuthenticationForm): 
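
Review bot: _encode_authenticated_response_ still runs base64.b64decode on the session value, but in this changeset signin stores urllib.unquote_plus(request.GET.get(...)) in the session and signin_success reads it back without decoding. The two disagree about the stored format: a plain URL passed through b64decode here either raises or yields garbage. Decide whether the session holds the encoded or the decoded target and decode in exactly one place.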
     
    127157@not_authenticated 
    128158def signin(request, template_name='authopenid/signin.html',  
    129         redirect_field_name=REDIRECT_FIELD_NAME, openid_form=OpenidSigninForm, 
     159        redirect_field_name=_redirect_field_name(),  
     160        openid_form=OpenidSigninForm, 
    130161        auth_form=CedaUserAuthenticationBackend,  
    131162        on_failure=None, extra_context={'is_login_page': True}): 
     
    148179        on_failure = signin_failure 
    149180         
    150     redirect_to = request.REQUEST.get(redirect_field_name, '') 
     181    if not request.session.has_key(redirect_field_name) \ 
     182        or request.GET.has_key(redirect_field_name): 
     183        request.session[redirect_field_name] = \ 
     184            urllib.unquote_plus(request.GET.get(redirect_field_name))     
     185     
    151186    form1 = openid_form() 
    152187    form2 = auth_form() 
    153188    if request.POST: 
    154         if not redirect_to or '//' in redirect_to or ' ' in redirect_to: 
    155             redirect_to = settings.LOGIN_REDIRECT_URL      
     189        if not request.session.has_key(redirect_field_name): 
     190            request.session[redirect_field_name] = settings.LOGIN_REDIRECT_URL      
    156191        if 'openid_url' in request.POST.keys(): 
    157192            form1 = openid_form(data=request.POST) 
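
Review bot: the removed check (if not redirect_to or '//' in redirect_to or ' ' in redirect_to) was the only validation of the redirect target visible in this view, and the replacement copies request.GET straight into the session, from where it later reaches HttpResponseRedirect. Validate the value before storing it, for example against a list of allowed hosts, and fall back to settings.LOGIN_REDIRECT_URL otherwise. Separately, on a first request with no redirect parameter the condition on lines 181-182 is true (the session has no key yet) and request.GET.get(redirect_field_name) returns None, so urllib.unquote_plus(None) raises; the LOGIN_REDIRECT_URL fallback on line 189 is only reached on POST. request.GET values are already URL-decoded by Django, so the extra unquote_plus decodes them a second time.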
     
    160195                        get_url_host(request), 
    161196                        reverse('user_complete_signin'),  
    162                         urllib.urlencode({ redirect_field_name: redirect_to }) 
     197                        urllib.urlencode({ redirect_field_name:  
     198                                          request.session[redirect_field_name]}) 
    163199                ) 
    164200                return ask_openid(request,  
     
    172208                #login(request, form2.get_user()) 
    173209                if request.session.test_cookie_worked(): 
    174                     request.session.delete_test_cookie()  
    175                 redirect_to = base64.b64decode(redirect_to)                                    
    176                 response = HttpResponseRedirect(redirect_to) 
    177                 _encode_authenticated_response(request,  
     210                    request.session.delete_test_cookie()                                                     
     211                response = HttpResponseRedirect(request.session.get(redirect_field_name, '')) 
     212                return _encode_authenticated_response(request,  
    178213                                               response,  
    179                                                redirect_to,  
     214                                               request.session.get(redirect_field_name, ''),  
    180215                                               form2.get_user()) 
    181                 return response 
     216            else: 
     217                return signin_failure(request, "Wrong username and/or password") 
     218                 
    182219    return render(template_name, { 
    183220        'form1': form1, 
    184221        'form2': form2, 
    185         redirect_field_name: redirect_to, 
     222        redirect_field_name: request.session.get(redirect_field_name, ''), 
    186223        'msg':  request.GET.get('msg','') 
    187224    }, context_instance=_build_context(request, extra_context=extra_context))   
    188225 
    189226def signin_failure(request, message, template_name='signin.html', 
    190         redirect_field_name=REDIRECT_FIELD_NAME, openid_form=OpenidSigninForm,  
     227        redirect_field_name=_redirect_field_name(), openid_form=OpenidSigninForm,  
    191228        auth_form=AuthenticationForm, extra_context=None, **kwargs): 
    192229    messages.add_message(request, messages.WARNING, message) 
     
    200237 
    201238def signin_success(request, identity_url, openid_response, 
    202         redirect_field_name=REDIRECT_FIELD_NAME, **kwargs): 
     239        redirect_field_name=_redirect_field_name(), **kwargs): 
    203240     
    204241    #redirect_parameter = getattr(settings, 'REDIRECT_URL', 'r')     
    205     redirect_url = base64.b64decode(request.REQUEST.get(redirect_field_name, '')) 
     242    redirect_url = request.session.get(redirect_field_name, '') 
    206243    LOGGER.debug("Redirecting to %s" % (redirect_url))  
    207244    ''' 
     
    243280            # authenticated user. 
    244281            r_copy = None 
    245             if request.session.has_key('r'): 
    246                 r_copy = request.session['r'] 
     282            if request.session.has_key(_redirect_field_name()): 
     283                r_copy = request.session[_redirect_field_name()] 
    247284            request.session.flush() 
    248285            request.user = user 
    249             request.session['r'] = r_copy 
     286            request.session[_redirect_field_name()] = r_copy 
    250287    else: 
    251288        request.session.cycle_key() 