#22515 closed Bug (fixed)
Change user password creates a LogEntry with incorrect user
| Reported by: | Owned by: | Tim Graham | |
|---|---|---|---|
| Component: | contrib.admin | Version: | 1.6 |
| Severity: | Release blocker | Keywords: | |
| Cc: | Triage Stage: | Accepted | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | yes | UI/UX: | no |
Description
When changing the password of a user in the Admin, an admin log entry is created (LogEntry) that records the password change.
What I expected:
Changing the password of a user I expect the LogEntry to record the user who performed the action, and the user upon whom the action was completed.
What I got:
The LogEntry records my user changing the password of my user.
Repro:
- Log in as a super-user (in my case 'ross')
- Change the password of any other user (in my case 'bob')
- Check the LogEntry which will show an action by 'ross' against 'ross'.
I believe the issue may be at
https://github.com/django/django/blob/fd23c06023a0585ee743c0752dc94da66694cf63/django/contrib/auth/admin.py#L132 and that user should be passed in, rather than request.user.
Change History (4)
comment:1 by , 11 years ago
| Owner: | changed from to |
|---|---|
| Severity: | Normal → Release blocker |
| Status: | new → assigned |
| Triage Stage: | Unreviewed → Accepted |
comment:2 by , 11 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Confirmed as a bug from #19019.