Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#16834 closed Bug (wontfix)

wrong error message when entering admin and not is_staff or is_active

Reported by: Wim Feijen <wim@…> Owned by: nobody
Component: contrib.admin Version: 1.3
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

On the admin login, when a user tries to login, but is_staff is set to False, the error message is misleadingly wrong:

"Please enter a correct username and password. Note that both fields are case-sensitive."

The actual message should be something like:

"You are not allowed to enter the administration area of this website."

How do we deal with translations of this message?

Attachments (1)

admin_not_allowed.diff (688 bytes) - added by Wim Feijen <wim@…> 4 years ago.

Download all attachments as: .zip

Change History (4)

Changed 4 years ago by Wim Feijen <wim@…>

comment:1 Changed 4 years ago by julien

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to wontfix
  • Status changed from new to closed

Thank you for the suggestion, but note that this has already been reported in #15567 and wontfixed for security reasons. It has then been discussed on django-dev [1] with diverging opinions, including from core devs. So I suggest you continue discussing this topic on the mailing list until a final resolution is reached. Closing as wontfix again for now.

http://groups.google.com/group/django-developers/browse_thread/thread/df19241a0b1a04ef

comment:2 Changed 4 years ago by Wim Feijen <wim@…>

Julien, thanks for the pointers and also for your very correct response. I started a discussion on the mailing list as the general consensus seems to be in favour of this patch.

I'm sorry that I never seem to succeed in finding whether a ticket has already been posted: thanks for your response and contribution.

comment:3 Changed 4 years ago by Wim Feijen <wim@…>

For the record: After another discussion on django-developers here: http://groups.google.com/group/django-developers/browse_thread/thread/c070dcd878a75a2b

I created a new ticket & patch in order to make the error message more clear while not giving away any more information: see ticket #16837

Note: See TracTickets for help on using tickets.
Back to Top