)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":35133,"name":"Jan Jasek","email":"jjasek@redhat.com","username":"janjasek"},"change_message_id":"5a685146ad1bfcbf0721811d4297de4adf66cbde","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"28017c54_13097ef3","updated":"2026-01-22 13:48:25.000000000","message":"Hello, I tested it and it seems that it is working well, for this specific purpose (password change).\n\nBut when I switched my environment to use Django 5.2 and I was playing around a little then I realized that the normal logout does not work. When I am doing something in dashboard, clicking around, everything seems to be fine, but when I want to log out (from admin) and switch to another user and I click Admin (user in right upper corner) and then SignOut, then I am in hitting: Error code: 405 Method Not Allowed\nBut when I click Admin (user in right upper corner) -\u003e settings -\u003e  Change password, I change password and click Change then it logs me out, shows me login page with message “Password changed. Please log in again to continue.” and everything is fine.\n\nI am not a Django expert… But I was digging around a little bit and I found out that this is our current Logout:\nhttps://github.com/openstack/horizon/blob/47921222008cbe9a230f64f8e3335d203a53d714/openstack_auth/views.py#L246\nIt uses “django_auth_views.logout_then_login”\nWhich is here:\nhttps://github.com/django/django/blob/3851601b2e080df34fb9227fe5d2fd43af604263/django/contrib/auth/views.py#L176\n\nCurrent patch is for fix password change logout to work for Django 5.2. It is fixing the current code for “new feature” of Django that restricts logout views to POST requests only.\nBut as we call “django_auth_views.logout_then_login” also for our standard Log out, we inherit this restriction. And as our code is using standard “a href” for logout then it sends GET requests which hit 405 (because new Django allows only POST).\n\nMaybe I am completely wrong, maybe I did something wrong during setting my environment to use django 5.2 but it seems that we fixed the Password Change logout for Django 5.2 but we did not fix the normal Logout for Django 5.2 which is (I guess) used significantly more often. And I can not see any other patch in-progress that would fixed it.\n\nCan someone please correct me if I am wrong? If I am doing something wrong or if I am missing something. Thanks!","commit_id":"3b82e9f5dfbc11c1494b5962af6ccb2bcd092306"},{"author":{"_account_id":32432,"name":"Owen McGonagle","email":"omcgonag@redhat.com","username":"omcgonag"},"change_message_id":"df59df9f90684e16f4aca5b8ed39f9e912a478c8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"13beb283_70379387","updated":"2026-01-20 15:38:17.000000000","message":"recheck","commit_id":"3b82e9f5dfbc11c1494b5962af6ccb2bcd092306"},{"author":{"_account_id":32432,"name":"Owen McGonagle","email":"omcgonag@redhat.com","username":"omcgonag"},"change_message_id":"f1359248adf22eafc3c57af9d4a762a4e546da1c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"d3f5b455_16694f28","updated":"2026-01-20 19:51:33.000000000","message":"recheck","commit_id":"3b82e9f5dfbc11c1494b5962af6ccb2bcd092306"},{"author":{"_account_id":6914,"name":"Tatiana Ovchinnikova","email":"t.v.ovtchinnikova@gmail.com","username":"tmazur"},"change_message_id":"dfa2fa163cf347198184fff1ff54c040ed8f0597","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"d91bb868_9a8e9fee","in_reply_to":"28017c54_13097ef3","updated":"2026-01-22 15:27:45.000000000","message":"Thank you Jan! I will remove my vote for further investigation.","commit_id":"3b82e9f5dfbc11c1494b5962af6ccb2bcd092306"},{"author":{"_account_id":35133,"name":"Jan Jasek","email":"jjasek@redhat.com","username":"janjasek"},"change_message_id":"c8226fd12cd64d8089a7d6724c78fb403d07e235","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"b5360cdb_ef57264e","in_reply_to":"5ec52722_fc7cecce","updated":"2026-03-10 14:23:44.000000000","message":"Thank you @omcgonag@redhat.com,\nThis patch for “password change” works well, points I mentioned will be fixed in another patch.","commit_id":"3b82e9f5dfbc11c1494b5962af6ccb2bcd092306"},{"author":{"_account_id":32432,"name":"Owen McGonagle","email":"omcgonag@redhat.com","username":"omcgonag"},"change_message_id":"5c0bbbd366e80d6566a923a0ebbca518ad56436f","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"5ec52722_fc7cecce","in_reply_to":"d91bb868_9a8e9fee","updated":"2026-01-31 22:36:42.000000000","message":"i Jan — yes, as you state, this review fixes the password-change flow by\n- avoiding a redirect to LOGOUT_URL (which would be followed as a GET)\n- and instead performs the logout server-side, then redirecting to LOGIN_URL.\n\nThis is compatible with both Django 4.2 and Django 5.2.\n\nAlso, you are correct that normal “Admin -\u003e Sign Out” remains broken under\nDjango 5.2 - the user-menu logout is still a GET link while Django’s logout view is POST-only (405).\n\nI just created a WIP review at: https://review.opendev.org/c/openstack/horizon/+/975355 (CSRF-protected POST + POST-only enforcement) to address this.\n\nIf we are good with this review addressing the password change, and after some more testing with WIP review 975355 we can get bothh logout issue reslved.\n\nWe also need to think about adding a new test to help test this logout \"flow\"","commit_id":"3b82e9f5dfbc11c1494b5962af6ccb2bcd092306"},{"author":{"_account_id":8648,"name":"Radomir Dopieralski","email":"openstack@dopieralski.pl","username":"thesheep"},"change_message_id":"e798a3bcd5f339ae65c84b342cf4ce2f5e28ece8","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":3,"id":"569f0039_5799fdfd","updated":"2026-03-10 16:55:49.000000000","message":"recheck timeout","commit_id":"927fb4ed2aff3903776f9d822323cb8544006f7e"}]}
