Change user password creates a LogEntry with incorrect user
|Reported by:||ross@…||Owned by:||timo|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
When changing the password of a user in the Admin, an admin log entry is created (LogEntry) that records the password change.
What I expected:
Changing the password of a user I expect the LogEntry to record the user who performed the action, and the user upon whom the action was completed.
What I got:
The LogEntry records my user changing the password of my user.
- Log in as a super-user (in my case 'ross')
- Change the password of any other user (in my case 'bob')
- Check the LogEntry which will show an action by 'ross' against 'ross'.
I believe the issue may be at
https://github.com/django/django/blob/fd23c06023a0585ee743c0752dc94da66694cf63/django/contrib/auth/admin.py#L132 and that user should be passed in, rather than request.user.
Change History (4)
comment:1 Changed 2 years ago by timo
- Needs documentation unset
- Needs tests unset
- Owner changed from nobody to timo
- Patch needs improvement unset
- Severity changed from Normal to Release blocker
- Status changed from new to assigned
- Triage Stage changed from Unreviewed to Accepted
comment:2 Changed 2 years ago by Tim Graham <timograham@…>
- Resolution set to fixed
- Status changed from assigned to closed