updated error message when logging in into the admin fails because is_staff is False
|Reported by:||Owned by:||Wim Feijen|
|Cc:||Triage Stage:||Ready for checkin|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
When a user tries to log in on the admin, with correct username &
password, but is_staff is set to False, the error message is
"Please enter a correct username and password. Note that both fields
After discussion on django-developers:
a solution was proposed to have a general message in all cases, so potential attackers cannot distinguish between the case where username & password are right and is_staff = False versus the case where username & password don't fit.
The message is:
"Username and password incorrect or access to this page is restricted".
as proposed by Adam Jenkins, with an added "is".
Although the global variable ERROR_MESSAGE does not seem to be used anywhere else in django, I'll keep it as it is for now.
Gentlemen and ladies, now we need translations.
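The property discussed in this ticket can be pinned down as a regression check. The following is an added example, not code from the ticket's patch or from Django: it compares the general message proposed above with a hypothetical variant that gives non-staff users their own message. The user store, `admin_login`, `failure_messages` and `NOT_STAFF_MESSAGE` are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Message proposed in the ticket; everything else below is constructed for illustration.
ERROR_MESSAGE = "Username and password incorrect or access to this page is restricted"
NOT_STAFF_MESSAGE = "This account is not allowed to use the admin"  # hypothetical distinct message


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def make_user(password, is_staff):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash(password, salt), "is_staff": is_staff}


# Constructed sample accounts.
USERS = {
    "alice": make_user("correct horse", is_staff=True),
    "bob": make_user("battery staple", is_staff=False),
}


def admin_login(username, password, uniform=True):
    """Return None on success, otherwise the error text shown to the client."""
    user = USERS.get(username)
    if user is None:
        return ERROR_MESSAGE
    if not hmac.compare_digest(_hash(password, user["salt"]), user["hash"]):
        return ERROR_MESSAGE
    if not user["is_staff"]:
        # uniform=False models a dedicated non-staff message, which confirms
        # to the client that the submitted credentials were valid.
        return ERROR_MESSAGE if uniform else NOT_STAFF_MESSAGE
    return None


def failure_messages(uniform):
    """Collect the distinct error texts across every way a login can fail."""
    attempts = [
        ("mallory", "anything"),       # unknown user
        ("alice", "wrong password"),   # known user, bad password
        ("bob", "battery staple"),     # valid credentials, is_staff False
    ]
    return {admin_login(u, p, uniform=uniform) for u, p in attempts}
```

A test suite can assert that `failure_messages(uniform=True)` contains exactly one message, so a later change that reintroduces a separate non-staff message fails the build.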
Change History (19)
comment:1 Changed 5 years ago by
|Patch needs improvement:||unset|
comment:10 Changed 5 years ago by
|Summary:||when logging in into the admin → updated error message when logging in into the admin fails because is_staff is False|