Opened 7 years ago

Closed 7 years ago

#19056 closed Bug (fixed)

Admin password change page relies on user.username

Reported by: Russell Keith-Magee Owned by: nobody
Component: contrib.admin Version: master
Severity: Release blocker Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


The admin "change password" template currently renders "original.username" to identify the user whose password is to be changed.

Pluggable user models means that username isn't always available. It should use __unicode__ instead.

Change History (6)

comment:1 Changed 7 years ago by Russell Keith-Magee <russell@…>

Resolution: fixed
Status: newclosed

In 4c75344cc1d3c74ed73b7a8d6aab92a173afe8f5:

Fixed #19056 -- Ensure admin change password template doesn't rely on username attribute.

comment:2 Changed 7 years ago by Gabe Jackson

this also applies to the 'title' context variable set in UserAdmin's def user_change_password(self, request, id, form_url=''): somewhere about:

context = {
            'title': _('Change password: %s') % escape(user.username),
            'adminForm': adminForm,

this should be changed to

context = {
            'title': _('Change password: %s') % escape(user.get_username()),
            'adminForm': adminForm,

i'm on the run right now, but perhaps somebody could commit that.



Last edited 7 years ago by Aymeric Augustin (previous) (diff)

comment:3 Changed 7 years ago by Aymeric Augustin

Resolution: fixed
Status: closedreopened

comment:4 Changed 7 years ago by Russell Keith-Magee

Severity: NormalRelease blocker
Triage Stage: UnreviewedAccepted

Good catch -- it's would also be worth doing a quick search for .username to see if there is anywhere else that the attribute is being used directly.

comment:5 Changed 7 years ago by Ryan Kaskel

I have pull request for this (tiny) change on Github. I probably should have opened a ticket.

I quick grep of django.contrib.auth reveals this to be the sole remaining reference (aside from in tests).

I will close it the request if you commit your own patch.

comment:6 Changed 7 years ago by Aymeric Augustin <aymeric.augustin@…>

Resolution: fixed
Status: reopenedclosed

In 9e11253497d7592964e311d007ac5ba28ca22808:

Merge pull request #511 from ryankask/username-password-admin

Allowed custom User models to use the UserAdmin's change password view.

Fix #19056 (again).

Note: See TracTickets for help on using tickets.
Back to Top