Opened 14 years ago
Closed 14 years ago
#14724 closed (duplicate)
Auth Password Reset View depends on Integer user ID,
Reported by: | domguard | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | 1.2 |
Severity: | Keywords: | User ID UUID | |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
I'm using this evil (but so useful) patch to use UUID instead of Integers for User ID :
http://djangosnippets.org/snippets/1497/
I have to use UUID, the project needs it, well...
I don't know if this will become a future django option, so I don't know if this can be called a bug or a feature request
django.contrib.auth.forms.PasswordResetForm adds this in the context :
'uid': int_to_base36(user.id)
Which is then then passed to django.auth.contrib.views.password_reset_confirm who just
uid_int = base36_to_int(uidb36)
and then
user = get_object_or_404(User, id=uid_int)
Python hangs with a 100% CPU when a UUID is provided
I patched the files as I could but a better coder (than me) could perhaps add a less integer-dependant logic here ?
thanks
Change History (2)
comment:1 by , 14 years ago
comment:2 by , 14 years ago
Resolution: | → duplicate |
---|---|
Status: | new → closed |
There are two parts to this ticket: one is the CPU usage bug, which was fixed in [15032] as part of the 1.2.4 security release; and two is a feature request to make the auth system support non-integer IDs for users, which sounds to me like part of extending the auth user module, AKA #3011.
Since one part is fixed and the other is a duplicate, I'm closing as a duplicate.
Forgot to mention that the base36-encoded Integer is of course expected also in django.contrib.auth.urls :