Opened 8 years ago

Closed 6 years ago

#18460 closed Bug (fixed)

In admin, the history for model User shows always a change in password, although it is not changed

Reported by: jose.sanchez@… Owned by: nobody
Component: contrib.admin Version: 1.5
Severity: Normal Keywords: admin, password
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


Once a user is saved in django admin, and entry in the log is created.

When a field is changed, i.e the username, the history for that user shows:

"Changed password and username."

It shouldn't show password

Change History (7)

comment:1 Changed 7 years ago by Aymeric Augustin

Component: Uncategorizedcontrib.admin
Triage Stage: UnreviewedAccepted

Indeed, this bug is trivial to reproduce. It probably has something to do with the new password hashing (or it may predate it).

comment:3 Changed 7 years ago by Claude Paroz

Has patch: set

comment:4 Changed 7 years ago by Claude Paroz

It is probably RFC, however, if we commit the patch attached to #16612 (waiting review), the _has_changed method will move from widget to field.

comment:5 Changed 7 years ago by Claude Paroz <claude@…>

Resolution: fixed
Status: newclosed

In 1686e0d184aaf704e5131a8651a070c4a0e58b03:

Fixed #18460 -- Fixed change detection of ReadOnlyPasswordHashField

Thanks jose.sanchez et for the report and Vladimir Ulupov
for the initial patch.

comment:6 Changed 6 years ago by anonymous

Resolution: fixed
Status: closednew
Version: 1.41.5

I'm still experiencing this issue when using a custom User model. If I comment out the line:

password = ReadOnlyPasswordHashField()

in my CustomUserChangeForm class, then saves with no changes are correctly logged with "No fields changed." However, then I'm able to see and edit the hash. Once the line is back in my code, every save results in a "Changed password." log entry.

comment:7 Changed 6 years ago by Tim Graham

Resolution: fixed
Status: newclosed

This was fixed in 1.6, not 1.5 (if you look at the commit, you'll see it has 1.6 tags). Since you've set "Version" to 1.5, I'm assuming that's the version you are reporting this against -- please reopen if not. A test case for Django's test suite would also be extremely helpful if you believe there's still a bug here.

Note: See TracTickets for help on using tickets.
Back to Top