#24437 closed Bug (invalid)
contrib.auth @ 1.8b1 breaks existing projects / applications using Mongoengine
| Reported by: | Carsten Klein | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.auth | Version: | 1.8beta1 |
| Severity: | Normal | Keywords: | |
| Cc: | github.vibepy@… | Triage Stage: | Unreviewed |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
The following changes in django/contrib/auth/init.py
root@J101829:/tmp# diff dj18a1/contrib/auth/__init__.py dj18b1/contrib/auth/__init__.py 55a56,62 > def _get_user_session_key(request): > # This value in the session is always serialized to a string, so we need > # to convert it back to Python whenever we access it. > raise Exception(get_user_model()) > return get_user_model()._meta.pk.to_python(request.session[SESSION_KEY]) > > 96c103 < if request.session[SESSION_KEY] != user.pk or ( --- > if _get_user_session_key(request) != user.pk or ( 105c112 < request.session[SESSION_KEY] = user.pk --- > request.session[SESSION_KEY] = user._meta.pk.value_to_string(user) 161c168 < user_id = request.session[SESSION_KEY] --- > user_id = _get_user_session_key(request)
break existing applications / projects using Mongoengine.
Mongoengine installs a custom MongoUser that is a shim around the actual model, which is a mongoengine document. The actual user id is a hexadecimal number / string and might not be validated using int(), causing the following exception
ValidationError at /backend/admin/ [u'\u201a511a1da669fe60752b000000\u201b Wert muss eine Ganzzahl sein.'] Request Method: GET Request URL: http://XXX/login Django Version: 1.8b1 Exception Type: ValidationError Exception Value: [u'\u201a511a1da669fe60752b000000\u201b Value must be an int.'] Exception Location: /usr/local/lib/python2.7/dist-packages/django/db/models/fields/__init__.py in to_python, line 969 Python Executable: /usr/bin/uwsgi-core Python Version: 2.7.8
I do not know whether django.contrib.auth should make any assumption on the actual type of the id, or whether mongoengine should reimplement the pk property and delegate to its own version of the Auto field.
See here for the bug I filed against mongoengine: https://github.com/MongoEngine/mongoengine/issues/899
Change History (6)
comment:1 by , 10 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 10 years ago
| Description: | modified (diff) |
|---|
comment:3 by , 10 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
comment:4 by , 10 years ago
Would this problem also be hit if a custom user model had UUID as the pk?
comment:5 by , 10 years ago
No, the change in contrib.auth that this ticket refers to is actually the one to enable using such a user to work with JSON session serialization (#24161).
comment:6 by , 10 years ago
It's hard to tell without a traceback but I also agree this is an issue with mongoengine.
No ValidationError should be raised by user._meta.pk.to_python(user._meta.pk.value_to_string(user)).
This looks like it should be fixed in mongoengine.