Opened 12 years ago

Closed 10 years ago

#18460 closed Bug (fixed)

In admin, the history for model User shows always a change in password, although it is not changed

Reported by: jose.sanchez@… Owned by: nobody
Component: contrib.admin Version: 1.5
Severity: Normal Keywords: admin, password
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

Once a user is saved in django admin, and entry in the log is created.

When a field is changed, i.e the username, the history for that user shows:

"Changed password and username."

It shouldn't show password

Change History (7)

comment:1 by Aymeric Augustin, 12 years ago

Component: Uncategorizedcontrib.admin
Triage Stage: UnreviewedAccepted

Indeed, this bug is trivial to reproduce. It probably has something to do with the new password hashing (or it may predate it).

comment:3 by Claude Paroz, 11 years ago

Has patch: set

comment:4 by Claude Paroz, 11 years ago

It is probably RFC, however, if we commit the patch attached to #16612 (waiting review), the _has_changed method will move from widget to field.

comment:5 by Claude Paroz <claude@…>, 11 years ago

Resolution: fixed
Status: newclosed

In 1686e0d184aaf704e5131a8651a070c4a0e58b03:

Fixed #18460 -- Fixed change detection of ReadOnlyPasswordHashField

Thanks jose.sanchez et ezeep.com for the report and Vladimir Ulupov
for the initial patch.

comment:6 by anonymous, 10 years ago

Resolution: fixed
Status: closednew
Version: 1.41.5

I'm still experiencing this issue when using a custom User model. If I comment out the line:

password = ReadOnlyPasswordHashField()

in my CustomUserChangeForm class, then saves with no changes are correctly logged with "No fields changed." However, then I'm able to see and edit the hash. Once the line is back in my code, every save results in a "Changed password." log entry.

comment:7 by Tim Graham, 10 years ago

Resolution: fixed
Status: newclosed

This was fixed in 1.6, not 1.5 (if you look at the commit, you'll see it has 1.6 tags). Since you've set "Version" to 1.5, I'm assuming that's the version you are reporting this against -- please reopen if not. A test case for Django's test suite would also be extremely helpful if you believe there's still a bug here.

Note: See TracTickets for help on using tickets.
Back to Top