Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#24437 closed Bug (invalid)

contrib.auth @ 1.8b1 breaks existing projects / applications using Mongoengine

Reported by: Carsten Klein Owned by: nobody
Component: contrib.auth Version: 1.8beta1
Severity: Normal Keywords:
Cc: github.vibepy@… Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Carsten Klein)

The following changes in django/contrib/auth/init.py

root@J101829:/tmp# diff dj18a1/contrib/auth/__init__.py dj18b1/contrib/auth/__init__.py
55a56,62
> def _get_user_session_key(request):
>     # This value in the session is always serialized to a string, so we need
>     # to convert it back to Python whenever we access it.
>     raise Exception(get_user_model())
>     return get_user_model()._meta.pk.to_python(request.session[SESSION_KEY])
> 
> 
96c103
<         if request.session[SESSION_KEY] != user.pk or (
---
>         if _get_user_session_key(request) != user.pk or (
105c112
<     request.session[SESSION_KEY] = user.pk
---
>     request.session[SESSION_KEY] = user._meta.pk.value_to_string(user)
161c168
<         user_id = request.session[SESSION_KEY]
---
>         user_id = _get_user_session_key(request)

break existing applications / projects using Mongoengine.

Mongoengine installs a custom MongoUser that is a shim around the actual model, which is a mongoengine document. The actual user id is a hexadecimal number / string and might not be validated using int(), causing the following exception

ValidationError at /backend/admin/
[u'\u201a511a1da669fe60752b000000\u201b Wert muss eine Ganzzahl sein.']
Request Method:	GET
Request URL:	http://XXX/login
Django Version:	1.8b1
Exception Type:	ValidationError
Exception Value:	
[u'\u201a511a1da669fe60752b000000\u201b Value must be an int.']
Exception Location:	/usr/local/lib/python2.7/dist-packages/django/db/models/fields/__init__.py in to_python, line 969
Python Executable:	/usr/bin/uwsgi-core
Python Version:	2.7.8

I do not know whether django.contrib.auth should make any assumption on the actual type of the id, or whether mongoengine should reimplement the pk property and delegate to its own version of the Auto field.

See here for the bug I filed against mongoengine: https://github.com/MongoEngine/mongoengine/issues/899

Change History (6)

comment:1 by Carsten Klein, 10 years ago

Description: modified (diff)

comment:2 by Carsten Klein, 10 years ago

Description: modified (diff)

comment:3 by Tim Graham, 10 years ago

Resolution: invalid
Status: newclosed

This looks like it should be fixed in mongoengine.

comment:4 by Josh Smeaton, 10 years ago

Would this problem also be hit if a custom user model had UUID as the pk?

comment:5 by Tim Graham, 10 years ago

No, the change in contrib.auth that this ticket refers to is actually the one to enable using such a user to work with JSON session serialization (#24161).

comment:6 by Simon Charette, 10 years ago

It's hard to tell without a traceback but I also agree this is an issue with mongoengine.

No ValidationError should be raised by user._meta.pk.to_python(user._meta.pk.value_to_string(user)).

Note: See TracTickets for help on using tickets.
Back to Top