Opened 16 months ago

Closed 16 months ago

Last modified 16 months ago

#22515 closed Bug (fixed)

Change user password creates a LogEntry with incorrect user

Reported by: ross@… Owned by: timo
Component: contrib.admin Version: 1.6
Severity: Release blocker Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

When changing the password of a user in the Admin, an admin log entry is created (LogEntry) that records the password change.

What I expected:

Changing the password of a user I expect the LogEntry to record the user who performed the action, and the user upon whom the action was completed.

What I got:

The LogEntry records my user changing the password of my user.

Repro:

  1. Log in as a super-user (in my case 'ross')
  2. Change the password of any other user (in my case 'bob')
  3. Check the LogEntry which will show an action by 'ross' against 'ross'.

I believe the issue may be at
https://github.com/django/django/blob/fd23c06023a0585ee743c0752dc94da66694cf63/django/contrib/auth/admin.py#L132 and that user should be passed in, rather than request.user.

Change History (4)

comment:1 Changed 16 months ago by timo

  • Needs documentation unset
  • Needs tests unset
  • Owner changed from nobody to timo
  • Patch needs improvement unset
  • Severity changed from Normal to Release blocker
  • Status changed from new to assigned
  • Triage Stage changed from Unreviewed to Accepted

Confirmed as a bug from #19019.

comment:2 Changed 16 months ago by Tim Graham <timograham@…>

  • Resolution set to fixed
  • Status changed from assigned to closed

In 9e7f86b890a71bcc86ec7bcd9ee0c05801b5e807:

Fixed #22515 -- Fixed the object_id of the LogEntry that's created after a user password change in the admin.

Thanks ross at servercode.co.uk for the report.

comment:3 Changed 16 months ago by Tim Graham <timograham@…>

In d16948bd19737a60811eeaae77b8eb282de8bdb3:

[1.6.x] Fixed #22515 -- Fixed the object_id of the LogEntry that's created after a user password change in the admin.

Thanks ross at servercode.co.uk for the report.

Backport of 9e7f86b890 from master

comment:4 Changed 16 months ago by Tim Graham <timograham@…>

In 6d87acc390d96b78423031a4c1c16f15ce202b85:

[1.7.x] Fixed #22515 -- Fixed the object_id of the LogEntry that's created after a user password change in the admin.

Thanks ross at servercode.co.uk for the report.

Backport of 9e7f86b890 from master

Note: See TracTickets for help on using tickets.
Back to Top