In admin, the history for model User shows always a change in password, although it is not changed

[jose.sanchez@…]

Once a user is saved in django admin, and entry in the log is created.

When a field is changed, i.e the username, the history for that user shows:

"Changed password and username."

It shouldn't show password

[Aymeric Augustin]

Indeed, this bug is trivial to reproduce. It probably has something to do with the new password hashing (or it may predate it).

[Vladimir]

Fix ​https://github.com/django/django/pull/654

[Claude Paroz]

It is probably RFC, however, if we commit the patch attached to #16612 (waiting review), the _has_changed method will move from widget to field.

[Claude Paroz <claude@…>]

In 1686e0d184aaf704e5131a8651a070c4a0e58b03:

Fixed #18460 -- Fixed change detection of ReadOnlyPasswordHashField

Thanks jose.sanchez et ezeep.com for the report and Vladimir Ulupov
for the initial patch.

[anonymous]

I'm still experiencing this issue when using a custom User model. If I comment out the line:

password = ReadOnlyPasswordHashField()

in my CustomUserChangeForm class, then saves with no changes are correctly logged with "No fields changed." However, then I'm able to see and edit the hash. Once the line is back in my code, every save results in a "Changed password." log entry.

[Tim Graham]

This was fixed in 1.6, not 1.5 (if you look at the commit, you'll see it has 1.6 tags). Since you've set "Version" to 1.5, I'm assuming that's the version you are reporting this against -- please reopen if not. A test case for Django's test suite would also be extremely helpful if you believe there's still a bug here.