Opened 12 years ago

Closed 12 years ago

#19056 closed Bug (fixed)

Admin password change page relies on user.username

Reported by: Russell Keith-Magee Owned by: nobody
Component: contrib.admin Version: dev
Severity: Release blocker Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The admin "change password" template currently renders "original.username" to identify the user whose password is to be changed.

Pluggable user models means that username isn't always available. It should use __unicode__ instead.

Change History (6)

comment:1 by Russell Keith-Magee <russell@…>, 12 years ago

Resolution: fixed
Status: newclosed

In 4c75344cc1d3c74ed73b7a8d6aab92a173afe8f5:

Fixed #19056 -- Ensure admin change password template doesn't rely on username attribute.

comment:2 by Gabe Jackson, 12 years ago

this also applies to the 'title' context variable set in UserAdmin's def user_change_password(self, request, id, form_url=''): somewhere about:

context = {
            'title': _('Change password: %s') % escape(user.username),
            'adminForm': adminForm,

this should be changed to

context = {
            'title': _('Change password: %s') % escape(user.get_username()),
            'adminForm': adminForm,

i'm on the run right now, but perhaps somebody could commit that.

Greetings,

Gabe

Last edited 12 years ago by Aymeric Augustin (previous) (diff)

comment:3 by Aymeric Augustin, 12 years ago

Resolution: fixed
Status: closedreopened

comment:4 by Russell Keith-Magee, 12 years ago

Severity: NormalRelease blocker
Triage Stage: UnreviewedAccepted

Good catch -- it's would also be worth doing a quick search for .username to see if there is anywhere else that the attribute is being used directly.

comment:5 by Ryan Kaskel, 12 years ago

I have pull request for this (tiny) change on Github. I probably should have opened a ticket. https://github.com/django/django/pull/511

I quick grep of django.contrib.auth reveals this to be the sole remaining reference (aside from in tests).

I will close it the request if you commit your own patch.

comment:6 by Aymeric Augustin <aymeric.augustin@…>, 12 years ago

Resolution: fixed
Status: reopenedclosed

In 9e11253497d7592964e311d007ac5ba28ca22808:

Merge pull request #511 from ryankask/username-password-admin

Allowed custom User models to use the UserAdmin's change password view.

Fix #19056 (again).

Note: See TracTickets for help on using tickets.
Back to Top