Opened 6 years ago

Closed 6 years ago

Last modified 5 years ago

#14446 closed (fixed)

auth.views.password_reset_confirm should never be cached

Reported by: Paul McMillan Owned by: Paul McMillan
Component: contrib.auth Version: 1.2
Severity: Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description (last modified by Gabriel Hurley)

I'm splitting this issue off from #14105, as it is separate from the meat of that ticket.

django.contrib.auth.views.password_reset_confirm needs the never_cache decorator.

To reproduce:

1. Start a new project. Add django.contrib.admin and set up a sqlite database. Run manage.py test auth. Result: OK.

2. Relevant bits of settings.py:

    MIDDLEWARE_CLASSES = (
        'django.middleware.cache.UpdateCacheMiddleware',
        'django.middleware.common.CommonMiddleware',
        'django.middleware.cache.FetchFromCacheMiddleware',
    )
    CACHE_BACKEND = 'locmem://'

Run manage.py test auth. Result: (failures=1, errors=11) 

This issue is that single failure.
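
Added example (not part of the ticket or of Django's code): a stdlib-only model of why a token-gated page must not go through a URL-keyed site cache. The cache, the stand-in view, the URL, the token and the "invalid" message are all constructed for illustration; only the decorator name and the "Please enter your new password" string come from this page.

```python
import functools

PAGE_CACHE = {}      # URL -> body, shared by every visitor (model of a site-wide cache)
USED_TOKENS = set()  # server-side state that the reset page depends on
VALID = "Please enter your new password"
INVALID = "reset link no longer valid"  # constructed message


def never_cache(view):
    """Model of the decorator's effect: mark the response as uncacheable."""
    @functools.wraps(view)
    def wrapper(url):
        body, headers = view(url)
        headers["Cache-Control"] = "max-age=0"
        return body, headers
    return wrapper


def reset_confirm(url):
    """Hypothetical stand-in for a token-gated password reset page."""
    token = url.rstrip("/").rsplit("/", 1)[-1]
    return (INVALID if token in USED_TOKENS else VALID), {}


def cached_get(view, url):
    """Serve from the cache when possible; store cacheable responses by URL."""
    if url in PAGE_CACHE:
        return PAGE_CACHE[url]
    body, headers = view(url)
    if headers.get("Cache-Control") != "max-age=0":
        PAGE_CACHE[url] = body
    return body


def replay(view, url="/reset/1-abc123/"):  # constructed URL and token
    """GET the link, consume its token, GET it again; return both bodies."""
    PAGE_CACHE.clear()
    USED_TOKENS.clear()
    first = cached_get(view, url)
    USED_TOKENS.add(url.rstrip("/").rsplit("/", 1)[-1])
    second = cached_get(view, url)
    return first, second


if __name__ == "__main__":
    print("uncached view :", replay(never_cache(reset_confirm)))
    print("cacheable view:", replay(reset_confirm))
```

In the cacheable case the second request is answered from the cache, so the page no longer reflects the token's current state on the server.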

Attachments (1)

password_reset_fix.diff (665 bytes) - added by Paul McMillan 6 years ago.
Adds the necessary never_cache decorator


Change History (5)

Changed 6 years ago by Paul McMillan

Attachment: password_reset_fix.diff added

Adds the necessary never_cache decorator

comment:1 Changed 6 years ago by Gabriel Hurley

Description: modified (diff)
Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset
Triage Stage: Unreviewed → Ready for checkin

I can confirm that this patch fixes this test failure, specifically:

======================================================================
FAIL: test_confirm_valid (django.contrib.auth.tests.views.PasswordResetTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "C:\Development\django\trunk\django\contrib\auth\tests\views.py", line 91, in test_confirm_valid
    self.assert_("Please enter your new password" in response.content)
AssertionError: False is not True

----------------------------------------------------------------------

The other 11 errors remaining when running the tests under these conditions are still related to #14105.

Updated the description to make it easier to duplicate if anyone else wants to check it prior to committing. Marking as RFC.

comment:2 Changed 6 years ago by Jannis Leidel

Resolution: fixed
Status: new → closed

(In [14890]) Fixed #14446 -- Prevented the password reset confirmation view to be cached. Thanks, Paul and Gabriel.

comment:3 Changed 6 years ago by Jannis Leidel

(In [14909]) [1.2.X] Fixed #14446 -- Prevented the password reset confirmation view to be cached. Thanks, Paul and Gabriel.

Backport from trunk (r14890).

comment:4 Changed 5 years ago by Jacob

milestone: 1.3

Milestone 1.3 deleted
