Opened 4 years ago
Closed 4 years ago
#31978 closed Bug (fixed)
Include hidden username field on password reset to help password managers
| Reported by: | Collin Anderson | Owned by: | Mariusz Felisiak |
|---|---|---|---|
| Component: | contrib.admin | Version: | dev |
| Severity: | Release blocker | Keywords: | |
| Cc: | cmawebsite@…, Collin Anderson | Triage Stage: | Accepted |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Include hidden username field on password reset to help password managers
Change History (11)
comment:1 by , 4 years ago
| Cc: | added |
|---|
comment:2 by , 4 years ago
| Component: | contrib.auth → contrib.admin |
|---|---|
| Needs tests: | set |
| Owner: | changed from to |
| Status: | new → assigned |
| Triage Stage: | Unreviewed → Accepted |
| Type: | New feature → Cleanup/optimization |
comment:3 by , 4 years ago
| Needs tests: | unset |
|---|---|
| Triage Stage: | Accepted → Ready for checkin |
comment:5 by , 4 years ago
I just came across this by chance and noticed that <input style="display: none;" autocomplete="username" value="{{ form.user.username }}"> is used in the template. Shouldn't form.user.get_username be used here? In my custom User model the username field is ommited, only email exists, and User.USERNAME_FIELD is set to email.
comment:6 by , 4 years ago
| Patch needs improvement: | set |
|---|---|
| Resolution: | fixed |
| Severity: | Normal → Release blocker |
| Status: | closed → new |
My bad. That sounds right, this will break for anyone who has a custom USERNAME_FIELD.
comment:7 by , 4 years ago
| Triage Stage: | Ready for checkin → Accepted |
|---|---|
| Type: | Cleanup/optimization → Bug |
comment:8 by , 4 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:11 by , 4 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Sounds reasonable.