Opened 3 years ago

Closed 3 years ago

#14724 closed (duplicate)

Auth Password Reset View depends on Integer user ID

Reported by: quinode
Owned by: nobody
Component: contrib.auth
Version: 1.2
Severity:
Keywords: User ID UUID
Cc:
Triage Stage: Unreviewed
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings:
UI/UX:

Description

I'm using this evil (but so useful) patch to use UUIDs instead of Integers for User ID:
http://djangosnippets.org/snippets/1497/

I have to use UUID, the project needs it, well...

I don't know if this will become a future Django option, so I don't know if this can be called a bug or a feature request.

django.contrib.auth.forms.PasswordResetForm adds this in the context:

'uid': int_to_base36(user.id)

Which is then passed to django.contrib.auth.views.password_reset_confirm, which just does

uid_int = base36_to_int(uidb36)

and then

user = get_object_or_404(User, id=uid_int)

Python hangs at 100% CPU when a UUID is provided.

I patched the files as I could, but a better coder (than me) could perhaps add a less integer-dependent logic here?

thanks

Attachments (0)

Change History (2)

comment:1 in reply to: ↑ description Changed 3 years ago by quinode

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

Forgot to mention that the base36-encoded Integer is of course expected also in django.contrib.auth.urls :

(r'^reset/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$', 'django.contrib.auth.views.password_reset_confirm'),

comment:2 Changed 3 years ago by gabrielhurley

  • Resolution set to duplicate
  • Status changed from new to closed

There are two parts to this ticket: one is the CPU usage bug, which was fixed in [15032] as part of the 1.2.4 security release; and two is a feature request to make the auth system support non-integer IDs for users, which sounds to me like part of extending the auth user module, AKA #3011.

Since one part is fixed and the other is a duplicate, I'm closing as a duplicate.
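
An added example, not part of the ticket and not Django's own code: a bounded-work version of the base36 round trip behind the reset link, using the URL pattern quoted in comment:1, so that a non-integer id or an oversized `uidb36` segment is rejected instead of being processed. The 64-bit id bound, the 13-character cap derived from it, the function `parse_reset_path`, and the sample paths are assumptions; `int_to_base36` and `base36_to_int` here are reimplementations that only share the names used above.

```python
import re

# Same shape as the URL pattern in comment:1, matched against the whole path.
RESET_PATH = re.compile(r'reset/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/')

# Assumption: user ids fit a signed 64-bit integer. 36**12 < 2**63 < 36**13,
# so no valid id needs more than 13 base36 digits.
MAX_UID = 2**63 - 1
MAX_UIDB36_LEN = 13
DIGITS = "0123456789abcdefghijklmnopqrstuvwxyz"

def int_to_base36(n):
    """Encode a non-negative int; refuse any other type up front."""
    if isinstance(n, bool) or not isinstance(n, int) or n < 0:
        raise TypeError("user id must be a non-negative integer")
    out = ""
    while True:  # terminates: n strictly shrinks on every pass
        n, r = divmod(n, 36)
        out = DIGITS[r] + out
        if n == 0:
            return out

def base36_to_int(s):
    """Decode at most MAX_UIDB36_LEN ASCII alphanumerics, else ValueError."""
    if not s or len(s) > MAX_UIDB36_LEN or not (s.isascii() and s.isalnum()):
        raise ValueError("malformed base36 user id")
    value = int(s, 36)
    if value > MAX_UID:
        raise ValueError("base36 user id out of range")
    return value

def parse_reset_path(path):
    """Return (uid_int, token), or None; a view would answer None with a 404."""
    m = RESET_PATH.fullmatch(path)
    if m is None:
        return None
    try:
        return base36_to_int(m.group("uidb36")), m.group("token")
    except ValueError:
        return None

if __name__ == "__main__":
    # Constructed sample paths: a normal link, a UUID hex id, an oversized id.
    for p in ("reset/1z-2x1-abcdef/",
              "reset/550e8400e29b41d4a716446655440000-2x1-abcdef/",
              "reset/" + "z" * 100000 + "-2x1-abcdef/"):
        print(p[:40], "->", parse_reset_path(p))
```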
