Opened 10 years ago

Closed 10 years ago

#14724 closed (duplicate)

Auth Password Reset View depends on Integer user ID,

Reported by: domguard Owned by: nobody
Component: contrib.auth Version: 1.2
Severity: Keywords: User ID UUID
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


I'm using this evil (but so useful) patch to use UUID instead of Integers for User ID :

I have to use UUID, the project needs it, well...

I don't know if this will become a future django option, so I don't know if this can be called a bug or a feature request

django.contrib.auth.forms.PasswordResetForm adds this in the context :

'uid': int_to_base36(

Which is then then passed to django.auth.contrib.views.password_reset_confirm who just

uid_int = base36_to_int(uidb36)

and then

user = get_object_or_404(User, id=uid_int)

Python hangs with a 100% CPU when a UUID is provided

I patched the files as I could but a better coder (than me) could perhaps add a less integer-dependant logic here ?


Change History (2)

comment:1 in reply to:  description Changed 10 years ago by domguard

Forgot to mention that the base36-encoded Integer is of course expected also in django.contrib.auth.urls :

(r'^reset/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$', 'django.contrib.auth.views.password_reset_confirm'),

comment:2 Changed 10 years ago by Gabriel Hurley

Resolution: duplicate
Status: newclosed

There are two parts to this ticket: one is the CPU usage bug, which was fixed in [15032] as part of the 1.2.4 security release; and two is a feature request to make the auth system support non-integer IDs for users, which sounds to me like part of extending the auth user module, AKA #3011.

Since one part is fixed and the other is a duplicate, I'm closing as a duplicate.

Note: See TracTickets for help on using tickets.
Back to Top