Opened 4 years ago

Closed 3 years ago

Last modified 3 years ago

#14446 closed (fixed)

auth.views.password_reset_confirm should never be cached

Reported by: PaulM Owned by: PaulM
Component: contrib.auth Version: 1.2
Severity: Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description (last modified by gabrielhurley)

I'm splitting this issue off from #14105, as it is separate from the meat of that ticket.

Django.contrib.auth.views.password_reset_confirm needs the never_cache decorator.

To reproduce:

1. Start a new project. Add django.contrib.admin and set up a sqlite database. Run manage.py test auth. Result: OK.

2. Relevant bits of settings.py:

    MIDDLEWARE_CLASSES = (
        'django.middleware.cache.UpdateCacheMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.cache.FetchFromCacheMiddleware',
    )
    CACHE_BACKEND = 'locmem://'

Run manage.py test auth. Result: (failures=1, errors=11) 

This issue is that single failure.

Attachments (1)

password_reset_fix.diff (665 bytes) - added by PaulM 4 years ago.
Adds the necessary never_cache decorator
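
Added example, not part of the ticket or of Django's code: a standard-library model of why a page cache keyed on URL alone breaks a view whose output depends on server-side token state, and how a never_cache-style header avoids it. `Response`, `PageCache`, `replay`, the sample URL and the `INVALID` text are hypothetical names and values, and the model assumes the cache refuses to store responses marked `max-age=0`.

```python
import functools

FORM = "Please enter your new password"   # text the failing test asserts on
INVALID = "reset link is invalid"         # constructed placeholder text
URL = "/reset/1-abc123/"                  # constructed sample URL

class Response:
    def __init__(self, body):
        self.body = body
        self.headers = {}

def reset_confirm(token_is_valid):
    """Toy view: output depends on server-side token state, not only the URL."""
    return Response(FORM if token_is_valid else INVALID)

def never_cache(view):
    """Stand-in for the never_cache decorator: mark the response uncacheable."""
    @functools.wraps(view)
    def wrapper(*args):
        response = view(*args)
        response.headers["Cache-Control"] = "max-age=0"
        return response
    return wrapper

class PageCache:
    """Toy site-wide cache keyed on URL only (fetch and update phases in one)."""
    def __init__(self, view):
        self.view = view
        self.store = {}

    def get(self, url, token_is_valid):
        if url in self.store:                       # fetch: a hit skips the view
            return self.store[url]
        response = self.view(token_is_valid)
        if response.headers.get("Cache-Control") != "max-age=0":
            self.store[url] = response              # update: store for next hit
        return response

def replay(view, token_states):
    """Request the same URL once per entry in token_states; return the bodies."""
    cache = PageCache(view)
    return [cache.get(URL, state).body for state in token_states]

if __name__ == "__main__":
    print("undecorated:", replay(reset_confirm, [False, True, False]))
    print("never_cache:", replay(never_cache(reset_confirm), [False, True, False]))
```

With the undecorated view, whichever page is rendered first is replayed for every later request to that URL, regardless of whether the token is still valid.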

Change History (5)

Changed 4 years ago by PaulM

Adds the necessary never_cache decorator

comment:1 Changed 3 years ago by gabrielhurley

  • Description modified (diff)
  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Ready for checkin

I can confirm that this patch fixes this test failure, specifically:

    ======================================================================
    FAIL: test_confirm_valid (django.contrib.auth.tests.views.PasswordResetTest)
    ----------------------------------------------------------------------
    Traceback (most recent call last):
      File "C:\Development\django\trunk\django\contrib\auth\tests\views.py", line 91, in test_confirm_valid
        self.assert_("Please enter your new password" in response.content)
    AssertionError: False is not True

    ----------------------------------------------------------------------

The other 11 errors remaining when running the tests under these conditions are still related to #14105.

Updated the description to make it easier to duplicate if anyone else wants to check it prior to committing. Marking as RFC.

comment:2 Changed 3 years ago by jezdez

  • Resolution set to fixed
  • Status changed from new to closed

(In [14890]) Fixed #14446 -- Prevented the password reset confirmation view to be cached. Thanks, Paul and Gabriel.

comment:3 Changed 3 years ago by jezdez

(In [14909]) [1.2.X] Fixed #14446 -- Prevented the password reset confirmation view to be cached. Thanks, Paul and Gabriel.

Backport from trunk (r14890).

comment:4 Changed 3 years ago by jacob

  • milestone 1.3 deleted

Milestone 1.3 deleted
