Ticket #14881: 1.4.patch

File 1.4.patch, 7.1 KB (added by jonash, 4 years ago)

new patch against current SVN

  • django/contrib/admin/templates/registration/password_reset_email.html

    commit 602e933874aff1d618e60920ac862d272d3e0eaf
    Author: Jonas Haag <jonas@lophus.org>
    Date:   Wed Sep 28 21:56:51 2011 +0200
    
        Non-integer-pk auth password reset
    
    diff --git a/django/contrib/admin/templates/registration/password_reset_email.html b/django/contrib/admin/templates/registration/password_reset_email.html
    index de9dc79..665ea11 100644
    a b  
    33
    44{% trans "Please go to the following page and choose a new password:" %}
    55{% block reset_link %}
    6 {{ protocol }}://{{ domain }}{% url 'django.contrib.auth.views.password_reset_confirm' uidb36=uid token=token %}
     6{{ protocol }}://{{ domain }}{% url 'django.contrib.auth.views.password_reset_confirm' uidb64=uid token=token %}
    77{% endblock %}
    88{% trans "Your username, in case you've forgotten:" %} {{ user.username }}
    99
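--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -1,6 +1,6 @@
 from django import forms
 from django.template import loader
-from django.utils.http import int_to_base36
+from django.utils.http import urlsafe_base64_encode
 from django.utils.translation import ugettext_lazy as _
 
 from django.contrib.auth.models import User
@@ -144,7 +144,7 @@ class PasswordResetForm(forms.Form):
                 'email': user.email,
                 'domain': domain,
                 'site_name': site_name,
-                'uid': int_to_base36(user.id),
+                'uid': urlsafe_base64_encode(str(user.id)),
                 'user': user,
                 'token': token_generator.make_token(user),
                 'protocol': use_https and 'https' or 'http',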
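Review bot: `str(user.id)` on the new `'uid'` line will raise UnicodeEncodeError when the primary key is a unicode string containing non-ASCII characters (this code base is Python 2, as the `except ..., e` syntax in http.py shows), and `user.id` assumes the key field is named `id`. Both matter because the commit's stated goal is non-integer primary keys. Prefer `'uid': urlsafe_base64_encode(smart_str(user.pk)),` with `smart_str` imported from `django.utils.encoding`, so the key is encoded to UTF-8 bytes before base64. The enclosing method of PasswordResetForm starts and ends outside the hunk.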
  • django/contrib/auth/tests/templates/registration/password_reset_email.html

    diff --git a/django/contrib/auth/tests/templates/registration/password_reset_email.html b/django/contrib/auth/tests/templates/registration/password_reset_email.html
    index 1b9a482..baac2fc 100644
    a b  
    1 {{ protocol }}://{{ domain }}/reset/{{ uid }}-{{ token }}/
    2  No newline at end of file
     1{{ protocol }}://{{ domain }}/reset/{{ uid }}/{{ token }}/
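--- a/django/contrib/auth/tests/views.py
+++ b/django/contrib/auth/tests/views.py
@@ -129,13 +129,13 @@ class PasswordResetTest(AuthViewsTestCase):
 
     def test_confirm_invalid_user(self):
         # Ensure that we get a 200 response for a non-existant user, not a 404
-        response = self.client.get('/reset/123456-1-1/')
+        response = self.client.get('/reset/123456/1-1/')
         self.assertEqual(response.status_code, 200)
         self.assertTrue("The password reset link was invalid" in response.content)
 
     def test_confirm_overflow_user(self):
         # Ensure that we get a 200 response for a base36 user id that overflows int
-        response = self.client.get('/reset/zzzzzzzzzzzzz-1-1/')
+        response = self.client.get('/reset/zzzzzzzzzzzzz/1-1/')
         self.assertEqual(response.status_code, 200)
         self.assertTrue("The password reset link was invalid" in response.content)
 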
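Review bot: The comment in test_confirm_overflow_user still describes "a base36 user id that overflows int", but the segment `zzzzzzzzzzzzz` is now parsed as base64, so the test presumably exercises only an undecodable uid and no longer an integer overflow. Update the comment, for example `# Ensure that we get a 200 response for a uid that is not valid base64`, and add a case whose uid is the base64 encoding of a very large decimal number so the overflow path stays covered. Likewise `123456` in test_confirm_invalid_user no longer decodes to the id 123456; it most likely still passes only because the decoded bytes match no user, which the comment should say.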
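--- a/django/contrib/auth/urls.py
+++ b/django/contrib/auth/urls.py
@@ -12,7 +12,7 @@ urlpatterns = patterns('',
     url(r'^password_change/done/$', 'django.contrib.auth.views.password_change_done', name='password_change_done'),
     url(r'^password_reset/$', 'django.contrib.auth.views.password_reset', name='password_reset'),
     url(r'^password_reset/done/$', 'django.contrib.auth.views.password_reset_done', name='password_reset_done'),
-    url(r'^reset/(?P<uidb36>[0-9A-Za-z]{1,13})-(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$',
+    url(r'^reset/(?P<uidb64>[0-9A-Za-z_\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$',
         'django.contrib.auth.views.password_reset_confirm',
         name='password_reset_confirm'),
     url(r'^reset/done/$', 'django.contrib.auth.views.password_reset_complete', name='password_reset_complete'),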
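Review bot: Replacing the `reset/<uidb36>-<token>/` pattern outright means reset links already mailed in the old format stop resolving once this is deployed, and any project template or `reverse()` call that still passes `uidb36=` will fail to reverse. Unless a compatibility route exists outside this hunk, keep the old pattern for a deprecation period and route it to a small shim that converts the base36 id and delegates to the new view. Separately, the new `uidb64` group uses `+` with no upper bound where the old group was limited to `{1,13}`. A bounded quantifier, with the limit chosen by the project, would stop oversized values from reaching the view and the database lookup.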
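--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -4,7 +4,7 @@ from django.conf import settings
 from django.core.urlresolvers import reverse
 from django.http import HttpResponseRedirect, QueryDict
 from django.template.response import TemplateResponse
-from django.utils.http import base36_to_int
+from django.utils.http import urlsafe_base64_decode
 from django.utils.translation import ugettext as _
 from django.views.decorators.debug import sensitive_post_parameters
 from django.views.decorators.cache import never_cache
@@ -181,7 +181,7 @@ def password_reset_done(request,
 # Doesn't need csrf_protect since no-one can guess the URL
 @sensitive_post_parameters()
 @never_cache
-def password_reset_confirm(request, uidb36=None, token=None,
+def password_reset_confirm(request, uidb64=None, token=None,
                            template_name='registration/password_reset_confirm.html',
                            token_generator=default_token_generator,
                            set_password_form=SetPasswordForm,
@@ -191,13 +191,13 @@ def password_reset_confirm(request, uidb36=None, token=None,
     View that checks the hash in a password reset link and presents a
     form for entering a new password.
     """
-    assert uidb36 is not None and token is not None # checked by URLconf
+    assert uidb64 is not None and token is not None # checked by URLconf
     if post_reset_redirect is None:
         post_reset_redirect = reverse('django.contrib.auth.views.password_reset_complete')
     try:
-        uid_int = base36_to_int(uidb36)
-        user = User.objects.get(id=uid_int)
-    except (ValueError, User.DoesNotExist):
+        uid = urlsafe_base64_decode(str(uidb64))
+        user = User.objects.get(id=uid)
+    except (TypeError, ValueError, User.DoesNotExist):
         user = None
 
     if user is not None and token_generator.check_token(user, token):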
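Review bot: The decoded `uid` at new line 198 is arbitrary caller-supplied bytes handed straight to `User.objects.get(id=uid)`, while the `except` tuple covers only TypeError, ValueError and User.DoesNotExist. The old path appears to have been bounded by `base36_to_int` and the `{1,13}` URL limit. A value that decodes to a very long digit string may now surface as OverflowError or a backend database error (backend-dependent, not verifiable from this hunk) and yield a 500 instead of the "invalid link" page. Consider `except (TypeError, ValueError, OverflowError, User.DoesNotExist):` and a lookup by `pk=uid` to match the non-integer-key goal. The function body continues past the end of the hunk.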
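--- a/django/utils/http.py
+++ b/django/utils/http.py
@@ -1,9 +1,11 @@
+import base64
 import calendar
 import datetime
 import re
 import sys
 import urllib
 import urlparse
+from binascii import Error as BinasciiError
 from email.utils import formatdate
 
 from django.utils.datastructures import MultiValueDict
@@ -171,6 +173,16 @@ def int_to_base36(i):
         factor -= 1
     return ''.join(base36)
 
+def urlsafe_base64_encode(s):
+    return base64.urlsafe_b64encode(s).rstrip('\n=')
+
+def urlsafe_base64_decode(s):
+    assert isinstance(s, str)
+    try:
+        return base64.urlsafe_b64decode(s.ljust(len(s) + len(s) % 4, '='))
+    except (LookupError, BinasciiError), e:
+        raise ValueError(e)
+
 def parse_etags(etag_str):
     """
     Parses a string with one or several etags passed in If-None-Match and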
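Review bot: `urlsafe_base64_decode` guards its argument with `assert isinstance(s, str)`, which is stripped under `python -O` and otherwise raises AssertionError, an exception the calling view does not catch; both new helpers also lack docstrings. Raise explicitly with `if not isinstance(s, str): raise TypeError('expected str')`, or drop the check and let the decode fail. The padding expression `len(s) + len(s) % 4` adds three `=` when the length is 3 mod 4, where one is needed, so it seems to rely on the decoder tolerating excess padding; `s + '=' * (-len(s) % 4)` states the intent exactly. On this Python version `base64.urlsafe_b64decode` also appears to report malformed input as TypeError, which `except (LookupError, BinasciiError)` does not convert to ValueError, so the docstring should name the exceptions callers must handle.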