Admin password change page relies on user.username

[Russell Keith-Magee]

The admin "change password" template currently renders "original.username" to identify the user whose password is to be changed.

Pluggable user models means that username isn't always available. It should use __unicode__ instead.

[Russell Keith-Magee <russell@…>]

In 4c75344cc1d3c74ed73b7a8d6aab92a173afe8f5:

Fixed #19056 -- Ensure admin change password template doesn't rely on username attribute.

[Gabe Jackson]

this also applies to the 'title' context variable set in UserAdmin's def user_change_password(self, request, id, form_url=''): somewhere about:

context = {
            'title': _('Change password: %s') % escape(user.username),
            'adminForm': adminForm,

this should be changed to

context = {
            'title': _('Change password: %s') % escape(user.get_username()),
            'adminForm': adminForm,

i'm on the run right now, but perhaps somebody could commit that.

Greetings,

Gabe

[Russell Keith-Magee]

Good catch -- it's would also be worth doing a quick search for .username to see if there is anywhere else that the attribute is being used directly.

[Ryan Kaskel]

I have pull request for this (tiny) change on Github. I probably should have opened a ticket. ​https://github.com/django/django/pull/511

I quick grep of django.contrib.auth reveals this to be the sole remaining reference (aside from in tests).

I will close it the request if you commit your own patch.

[Aymeric Augustin <aymeric.augustin@…>]

In 9e11253497d7592964e311d007ac5ba28ca22808:

Merge pull request #511 from ryankask/username-password-admin

Allowed custom User models to use the UserAdmin's change password view.

Fix #19056 (again).