Django

Code

Ticket #6943 (closed: fixed)

Opened 8 months ago

Last modified 6 months ago

Multiple emails in admin can cause error

Reported by: Mnewman Assigned to: Mnewman
Milestone: Component: django.contrib.admin
Version: newforms-admin Keywords: admin, login, nfa
Cc: Triage Stage: Ready for checkin
Has patch: 1 Needs documentation: 0
Needs tests: 0 Patch needs improvement: 0

Description

If you have multiple users who have the same e-mail address and one of them try to log into the admin site with their email address Django throws an exception. This is a extreme fringe case, but I have been biten by it due to editors who don't know what they are doing.

I applied a patch that doesn't return a username from the e-mail address. I can't find tests to add a line that would test for this. This patch is applied to Newforms Admin, but the two lines could be applied to trunk without a problem.

Attachments

6943-admin-multiple-emails.diff (0.7 kB) - added by Mnewman on 04/02/08 00:26:37.
simple two line patch to catch the exception and return a generic message
6943-nfa-admin-multiple-emails.diff (2.4 kB) - added by Mnewman on 06/10/08 18:41:30.
New patch against New-Forms Admin r7612, with tests!
6943-nfa-admin-multiple-emails.2.diff (3.3 kB) - added by Mnewman on 06/18/08 13:24:16.
New patch addressing the idea of e-mail address guessing.

Change History

04/02/08 00:26:37 changed by Mnewman

  • attachment 6943-admin-multiple-emails.diff added.

simple two line patch to catch the exception and return a generic message

06/10/08 18:40:03 changed by Mnewman

  • status changed from new to assigned.
  • needs_better_patch changed.
  • needs_tests set to 1.
  • owner changed from nobody to Mnewman.
  • keywords changed from admin, login to admin, login, nfa.
  • needs_docs changed.

06/10/08 18:41:30 changed by Mnewman

  • attachment 6943-nfa-admin-multiple-emails.diff added.

New patch against New-Forms Admin r7612, with tests!

06/10/08 18:46:05 changed by Mnewman

  • version changed from SVN to newforms-admin.

06/14/08 07:03:46 changed by telenieko

  • stage changed from Unreviewed to Accepted.

(follow-up: ↓ 5 ) 06/14/08 10:30:58 changed by Mnewman

  • stage changed from Accepted to Ready for checkin.

(in reply to: ↑ 4 ) 06/14/08 10:42:31 changed by telenieko

  • needs_tests deleted.

06/18/08 13:24:16 changed by Mnewman

  • attachment 6943-nfa-admin-multiple-emails.2.diff added.

New patch addressing the idea of e-mail address guessing.

06/18/08 14:05:16 changed by brosner

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [7694]) newforms-admin: Fixed #6943 and #7263 -- Handle multiple e-mail addresses when checking if it was mistakenly entered. Also prevent e-mail guessing by checking password before throwing an error. Thanks Michael Newman and Valera Grishin.

Add/Change #6943 (Multiple emails in admin can cause error)




Change Properties
Action