Opened 10 years ago
Closed 10 years ago
#26599 closed Bug (worksforme)
Django Passsword Change Form giving wrong POST value for Old Password of Admin
| Reported by: | shikha-desai | Owned by: | nobody |
|---|---|---|---|
| Component: | Template system | Version: | 1.8 |
| Severity: | Normal | Keywords: | Admin:Password Change Form |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
I have created a link to the Password Change Form using :
<a href="{% url 'admin:password_change' %}">{% trans 'Change password' %}</a>
The problem is : It works for all web users, but if I login as admin and then change the password, say if the original password is:'admin'...Now I change it to '1234', it works and I can login again.
But when I again go to change_password and try to change from '1234' to something else, it gives 'Incorrect Old Password'.
On debugging, I found that the POST request received has the old_password field value as 'admin' while I have typed '1234'.
When I tried to add another field on the html page and updated the old_password section as below:
<div class="form-group">
<div class="control-label col-sm-2">
{{ form.old_password.label_tag }}
</div>
<div class="controls col-sm-10">
{% dab_field_rendering form.old_password %}
{{ form.old_password }}
{% if form.old_password.errors %}<span class="text-danger">{{ form.old_password.errors|striptags }}</span>{% endif %}
</div>
</div>
It works perfectly fine and receives the correct request, but I can't ask user to enter the old password two times. There seems to be a problem with the code of change password.
Please provide a test case for Django's test suite that demonstrates the problem (see the existing tests in
tests/auth_tests/test_views.py) or very specific steps with the exact URLs and inputs for each step. Also be sure to disable any third-party apps to rule out a bug there.