#21293 closed Bug (fixed)
Some authentication-related templates are broken
Reported by: | Daniele Procida | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Release blocker | Keywords: | |
Cc: | bmispelon@…, Tim Graham | Triage Stage: | Accepted |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | yes |
Description
Commit a962286b74f1e8c8cb19fb45a057800da8c2fb56 https://github.com/django/django/commit/a962286b74f1e8c8cb19fb45a057800da8c2fb56 breaks the default template for /user/password/reset/, and possibly others.
See https://www.dropbox.com/s/zqng1mftd1rgcqb/Screenshot%202013-10-19%2009.19.51.png - the "Welcome, daniele. Change password / Log out" text in <div id="user-tools">
is not visible, because it has a white background.
Attachments (2)
Change History (16)
by , 11 years ago
Attachment: | ticket-21293.diff added |
---|
comment:1 by , 11 years ago
Cc: | added |
---|---|
Triage Stage: | Unreviewed → Accepted |
comment:2 by , 11 years ago
The removal of {% trans 'Django administration' %}
in admin/base_site.html
is what breaks (for example) password_reset_form.html
, since https://github.com/django/django/blob/master/django/contrib/auth/views.py#L133 doesn't pass in a site_header
. I am not sure how to resolve this, since probably we should not be showing "Django administration" text on non-admin authentication pages.
Options:
- change the views in
auth.views
- change the HTML/CSS in
base_site.html
so that theuser_tools
div is not at the mercy of the background on the h1.
by , 11 years ago
Attachment: | 21293-css.diff added |
---|
comment:6 by , 11 years ago
Cc: | added |
---|---|
Has patch: | set |
Added a proposed fix for the CSS: removed the absolute positioning of the usertools
div and used float positioning to allow the #header
div to expand based on the height on its content.
comment:7 by , 11 years ago
Timo: Is there anything that means we shouldn't commit this? The fix looks valid to me.
follow-up: 9 comment:8 by , 11 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
comment:9 by , 11 years ago
Resolution: | fixed |
---|---|
Status: | closed → new |
Replying to EvilDMP:
Commit a962286b74f1e8c8cb19fb45a057800da8c2fb56 https://github.com/django/django/commit/a962286b74f1e8c8cb19fb45a057800da8c2fb56 breaks the default template for /user/password/reset/,
Are you sure this happened actually for the password reset view (the one in which the user enters his email address so a token is sent there)?
AFAIK there is no access to that particular view from the admin app and the only two password related pages there are:
a) The one in which a staff user can set his new password by entering the old one (i.e. /admin/password_change/
) and
b) The one in which a superuser (or a staff user with the right permissions) can force a new password on any user (i.e. /admin/auth/user/<pk>/password/
).
Yes, the naming is a bit confusing :)
I observed the problem reported by this ticket only in case b.
and possibly others.
Was this actually a problem for any other view?
Replying to EvilDMP:
I am not sure how to resolve this, since probably we should not be showing "Django administration" text on non-admin authentication pages.
In case b there is no danger of this because it's fully handled in the admin realm in django/contrib/auth/admin.py:userAdmin.user_change_password()
Replying to Tim Graham <timograham@…>:
Fixed #21293 -- Adjusted admin header CSS to fix admin password reset template.
By removing the absolute positioning of the usertools div and using
float positioning, the #header div will expand based on the height of
its content.
With this change the height of the header is fixed but, when compared to 1.6, the "Django administration" title text usually located on the left is still missing.
For that, I've opened https://github.com/django/django/pull/2418 that updates the context passed to the template in the same spirit of 9c6b57f709bb6123d8abae6ba05e92085ec2f426.
comment:12 by , 11 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
I've merged the fix for the missing "Django administration" title in the force-new-password-by-staff view. Will analyze the password reset view (https://docs.djangoproject.com/en/dev/ref/contrib/admin/#adding-a-password-reset-feature) issue after beta.
The problem comes from the fact that
password_reset
does not pass asite_header
variable to its context. Consequently, the header ends up being empty and shrinks.Therefore, the text that should have been printed on the header's dark background gets printed onto the page's white background, which makes it invisible.
I attached a tentative solution but I'm not sure if it's ideal. Tweaking the CSS might be a better idea.
I couldn't find whether this had been backported to 1.6 (the comments on github by adrian indicate that was the original intent but I can't find a backport commit on
stable/1.6.x
).If it has indeed been backported, I think it should be marked as a release blocker since it changes the old behavior.