Refs #17209 -- Added LoginView and LogoutView class-based views

Thanks Tim Graham for the review.
2025-08-03 10:34:04 +00:00 · 2016-05-15 17:28:00 +02:00 · 2016-05-15 17:28:00 +02:00 · 78963495d0
commit 78963495d0
parent 742ea51413
16 changed files with 226 additions and 157 deletions
--- a/docs/internals/deprecation.txt
+++ b/docs/internals/deprecation.txt
@ -15,6 +15,8 @@ about each item can often be found in the release notes of two versions prior.
 See the :ref:`Django 1.11 release notes<deprecated-features-1.11>` for more
 details on these changes.

+* ``contrib.auth.views.login()`` and ``logout()`` will be removed.
+
 .. _deprecation-removed-in-2.0:

 2.0
--- a/docs/ref/contrib/auth.txt
+++ b/docs/ref/contrib/auth.txt
@ -93,7 +93,7 @@ Fields
        if you want to allow inactive users to login. In this case, you'll also
        want to customize the
        :class:`~django.contrib.auth.forms.AuthenticationForm` used by the
-        :func:`~django.contrib.auth.views.login` view as it rejects inactive
+        :class:`~django.contrib.auth.views.LoginView` as it rejects inactive
        users. Be aware that the permission-checking methods such as
        :meth:`~django.contrib.auth.models.User.has_perm` and the
        authentication in the Django admin all return ``False`` for inactive
@ -582,7 +582,7 @@ The following backends are available in :mod:`django.contrib.auth.backends`:

   When using this backend, you'll likely want to customize the
   :class:`~django.contrib.auth.forms.AuthenticationForm` used by the
-   :func:`~django.contrib.auth.views.login` view by overriding the
+   :class:`~django.contrib.auth.views.LoginView` by overriding the
   :meth:`~django.contrib.auth.forms.AuthenticationForm.confirm_login_allowed`
   method as it rejects inactive users.

--- a/docs/ref/contrib/sites.txt
+++ b/docs/ref/contrib/sites.txt
@ -436,8 +436,8 @@ Here's how Django uses the sites framework:
  the current :class:`~django.contrib.sites.models.Site` object if you don't
  specify a fully-qualified domain.

-* In the :mod:`authentication framework <django.contrib.auth>`, the
-  :func:`django.contrib.auth.views.login` view passes the current
+* In the :mod:`authentication framework <django.contrib.auth>`,
+  :class:`django.contrib.auth.views.LoginView` passes the current
  :class:`~django.contrib.sites.models.Site` name to the template as
  ``{{ site_name }}``.

--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@ -2736,8 +2736,8 @@ the URL in two places (``settings`` and URLconf).

 Default: ``None``

-The URL where requests are redirected after a user logs out using the
-:func:`~django.contrib.auth.views.logout` view (if the view doesn't get a
+The URL where requests are redirected after a user logs out using
+:class:`~django.contrib.auth.views.LogoutView` (if the view doesn't get a
 ``next_page`` argument).

 If ``None``, no redirect will be performed and the logout view will be
--- a/docs/releases/1.11.txt
+++ b/docs/releases/1.11.txt
@ -66,6 +66,10 @@ Minor features
 * The default iteration count for the PBKDF2 password hasher is increased by
  20%.

+* The :class:`~django.contrib.auth.views.LoginView` and
+  :class:`~django.contrib.auth.views.LogoutView` class-based views supersede the
+  deprecated ``login()`` and ``logout()`` function-based views.
+
 :mod:`django.contrib.contenttypes`
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

@ -297,4 +301,7 @@ Features deprecated in 1.11
 Miscellaneous
 -------------

-* ...
+* ``contrib.auth``’s ``login()`` and ``logout()`` function-based views are
+  deprecated in favor of new class-based views
+  :class:`~django.contrib.auth.views.LoginView` and
+  :class:`~django.contrib.auth.views.LogoutView`.
--- a/docs/topics/auth/default.txt
+++ b/docs/topics/auth/default.txt
@ -503,7 +503,7 @@ The ``login_required`` decorator

        from django.contrib.auth import views as auth_views

-        url(r'^accounts/login/$', auth_views.login),
+        url(r'^accounts/login/$', auth_views.Login.as_view()),

    The :setting:`settings.LOGIN_URL <LOGIN_URL>` also accepts view function
    names and :ref:`named URL patterns <naming-url-patterns>`. This allows you
@ -957,12 +957,37 @@ implementation details see :ref:`using-the-views`.

 .. function:: login(request, template_name=`registration/login.html`, redirect_field_name='next', authentication_form=AuthenticationForm, current_app=None, extra_context=None, redirect_authenticated_user=False)

+    .. deprecated:: 1.11
+
+        The ``login`` function-based view should be replaced by the class-based
+        :class:`LoginView`.
+
+    The optional arguments of this view are similar to the class-based
+    ``LoginView`` optional attributes. In addition, it has:
+
+    * ``current_app``: A hint indicating which application contains the
+      current view. See the :ref:`namespaced URL resolution strategy
+      <topics-http-reversing-url-namespaces>` for more information.
+
+    .. deprecated:: 1.9
+
+        The ``current_app`` attribute is deprecated and will be removed in
+        Django 2.0. Callers should set ``request.current_app`` instead.
+
+    .. versionadded:: 1.10
+
+        The ``redirect_authenticated_user`` parameter was added.
+
+.. class:: LoginView
+
+    .. versionadded:: 1.11
+
    **URL name:** ``login``

    See :doc:`the URL documentation </topics/http/urls>` for details on using
    named URL patterns.

-    **Optional arguments:**
+    **Attributes:**

    * ``template_name``: The name of a template to display for the view used to
      log the user in. Defaults to :file:`registration/login.html`.
@ -974,10 +999,6 @@ implementation details see :ref:`using-the-views`.
      use for authentication. Defaults to
      :class:`~django.contrib.auth.forms.AuthenticationForm`.

-    * ``current_app``: A hint indicating which application contains the current
-      view. See the :ref:`namespaced URL resolution strategy
-      <topics-http-reversing-url-namespaces>` for more information.
-
    * ``extra_context``: A dictionary of context data that will be added to the
      default context data passed to the template.

@ -985,16 +1006,7 @@ implementation details see :ref:`using-the-views`.
      authenticated users accessing the login page will be redirected as if
      they had just successfully logged in. Defaults to ``False``.

-    .. deprecated:: 1.9
-
-        The ``current_app`` parameter is deprecated and will be removed in
-        Django 2.0. Callers should set ``request.current_app`` instead.
-
-    .. versionadded:: 1.10
-
-        The ``redirect_authenticated_user`` parameter was added.
-
-    Here's what ``django.contrib.auth.views.login`` does:
+    Here's what ``LoginView`` does:

    * If called via ``GET``, it displays a login form that POSTs to the
      same URL. More on this in a bit.
@ -1030,14 +1042,14 @@ implementation details see :ref:`using-the-views`.

    If you'd prefer not to call the template :file:`registration/login.html`,
    you can pass the ``template_name`` parameter via the extra arguments to
-    the view in your URLconf. For example, this URLconf line would use
-    :file:`myapp/login.html` instead::
+    the ``as_view`` method in your URLconf. For example, this URLconf line would
+    use :file:`myapp/login.html` instead::

-        url(r'^accounts/login/$', auth_views.login, {'template_name': 'myapp/login.html'}),
+        url(r'^accounts/login/$', auth_views.LoginView.as_view(template_name='myapp/login.html')),

    You can also specify the name of the ``GET`` field which contains the URL
-    to redirect to after login by passing ``redirect_field_name`` to the view.
-    By default, the field is called ``next``.
+    to redirect to after login using ``redirect_field_name``. By default, the
+    field is called ``next``.

    Here's a sample :file:`registration/login.html` template you can use as a
    starting point. It assumes you have a :file:`base.html` template that
@ -1084,49 +1096,55 @@ implementation details see :ref:`using-the-views`.

        {% endblock %}

-    If you have customized authentication (see
-    :doc:`Customizing Authentication </topics/auth/customizing>`) you can pass
-    a custom authentication form to the login view via the
-    ``authentication_form`` parameter. This form must accept a ``request``
-    keyword argument in its ``__init__`` method, and provide a ``get_user()``
-    method which returns the authenticated user object (this method is only
-    ever called after successful form validation).
-
-    .. _forms documentation: ../forms/
-    .. _site framework docs: ../sites/
+    If you have customized authentication (see :doc:`Customizing Authentication
+    </topics/auth/customizing>`) you can use a custom authentication form by
+    setting the ``authentication_form`` attribute. This form must accept a
+    ``request`` keyword argument in its ``__init__()`` method and provide a
+    ``get_user()`` method which returns the authenticated user object (this
+    method is only ever called after successful form validation).

 .. function:: logout(request, next_page=None, template_name='registration/logged_out.html', redirect_field_name='next', current_app=None, extra_context=None)

+    .. deprecated:: 1.11
+
+        The ``logout`` function-based view should be replaced by the
+        class-based :class:`LogoutView`.
+
+    The optional arguments of this view are similar to the class-based
+    ``LogoutView`` optional attributes. In addition, it has:
+
+    * ``current_app``: A hint indicating which application contains the
+      current view. See the :ref:`namespaced URL resolution strategy
+      <topics-http-reversing-url-namespaces>` for more information.
+
+    .. deprecated:: 1.9
+
+        The ``current_app`` attribute is deprecated and will be removed in
+        Django 2.0. Callers should set ``request.current_app`` instead.
+
+.. class:: LogoutView
+
+    .. versionadded:: 1.11
+
    Logs a user out.

    **URL name:** ``logout``

-    **Optional arguments:**
+    **Attributes:**

    * ``next_page``: The URL to redirect to after logout. Defaults to
-      :setting:`settings.LOGOUT_REDIRECT_URL <LOGOUT_REDIRECT_URL>` if not
-      supplied.
+      :setting:`settings.LOGOUT_REDIRECT_URL <LOGOUT_REDIRECT_URL>`.

    * ``template_name``: The full name of a template to display after
-      logging the user out. Defaults to
-      :file:`registration/logged_out.html` if no argument is supplied.
+      logging the user out. Defaults to :file:`registration/logged_out.html`.

    * ``redirect_field_name``: The name of a ``GET`` field containing the
      URL to redirect to after log out. Defaults to ``next``. Overrides the
      ``next_page`` URL if the given ``GET`` parameter is passed.

-    * ``current_app``: A hint indicating which application contains the current
-      view. See the :ref:`namespaced URL resolution strategy
-      <topics-http-reversing-url-namespaces>` for more information.
-
    * ``extra_context``: A dictionary of context data that will be added to the
      default context data passed to the template.

-    .. deprecated:: 1.9
-
-        The ``current_app`` parameter is deprecated and will be removed in
-        Django 2.0. Callers should set ``request.current_app`` instead.
-
    **Template context:**

    * ``title``: The string "Logged out", localized.