Change user password creates a LogEntry with incorrect user
|Reported by:||Owned by:||Tim Graham|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
When changing the password of a user in the Admin, an admin log entry is created (LogEntry) that records the password change.
What I expected:
When changing the password of a user, I expect the LogEntry to record the user who performed the action and the user upon whom the action was completed.
What I got:
The LogEntry records my user changing the password of my user.
- Log in as a super-user (in my case 'ross')
- Change the password of any other user (in my case 'bob')
- Check the LogEntry which will show an action by 'ross' against 'ross'.
I believe the issue may be at https://github.com/django/django/blob/fd23c06023a0585ee743c0752dc94da66694cf63/django/contrib/auth/admin.py#L132 and that user should be passed in, rather than request.user.
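The mismatch described in this ticket, as an added example that is neither Django's code nor the reporter's: a simplified model of the admin logging call, showing why an audit query for 'bob' comes back empty when the actor is logged as the target. `User`, `Request`, `LogRow`, the function names and the message text are hypothetical stand-ins.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class User:
    pk: int
    username: str

@dataclass(frozen=True)
class Request:
    user: User  # the logged-in admin performing the action

@dataclass(frozen=True)
class LogRow:
    actor_id: int    # who performed the action
    object_id: int   # which object the action was performed on
    object_repr: str
    change_message: str

PASSWORD_MESSAGE = "Changed password."  # constructed message text

def log_change(request, obj, message):
    # The actor always comes from the request; the target is whatever
    # object the caller passes in, so the caller must pass the right one.
    return LogRow(request.user.pk, obj.pk, obj.username, message)

def change_password_buggy(request, user):
    # Behaviour reported in the ticket: request.user is logged as the target.
    return log_change(request, request.user, PASSWORD_MESSAGE)

def change_password_fixed(request, user):
    # Reporter's suggestion: log the user whose password was changed.
    return log_change(request, user, PASSWORD_MESSAGE)

def who_changed_password(target, rows):
    """Audit query: ids of the actors who changed `target`'s password."""
    return [r.actor_id for r in rows
            if r.object_id == target.pk and r.change_message == PASSWORD_MESSAGE]

if __name__ == "__main__":
    ross, bob = User(1, "ross"), User(2, "bob")  # constructed sample users
    request = Request(user=ross)
    for view in (change_password_buggy, change_password_fixed):
        rows = [view(request, bob)]
        print(view.__name__, rows[0])
        print("  changes to bob's password by:", who_changed_password(bob, rows))
        print("  changes to ross's password by:", who_changed_password(ross, rows))
```

With the buggy call, the change to bob's password is attributed to ross's own account, so a review of bob's history shows nothing and ross's history shows a self-service change that never happened.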
Change History (4)
comment:1 Changed 3 years ago by
|Owner:||changed from nobody to Tim Graham|
|Severity:||Normal → Release blocker|
|Status:||new → assigned|
|Triage Stage:||Unreviewed → Accepted|