Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#24315 closed Bug (fixed)

Using UUIDField for id of custom User model prevents password reset confirm view

Reported by: James Beith Owned by: Tim Graham
Component: contrib.auth Version: 1.8alpha1
Severity: Release blocker Keywords:
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

When using the new UUIDField in Django 1.8 for the id of a custom User model, the auth view password_reset_confirm throws a ProgrammingError exception when it attempts to get the user.

operator does not exist: uuid = bytea
LINE 1: ..." FROM "common_person" WHERE "common_person"."id" = '\x63363...

HINT:  No operator matches the given name and argument type(s). You might need to add explicit type casts.

Attachments (1)

24315-test.diff (1.6 KB ) - added by Tim Graham 10 years ago.

Download all attachments as: .zip

Change History (11)

comment:1 by James Beith, 10 years ago

Full traceback:

Environment:


Request Method: GET
Request URL: http://www.example.com:8000/forgot/reset/YzY1OTJjNjItNzU0NS00ZDUwLTk2YzYtNGRkY2E0NThkZGRi/3z5-0ece360518cf9c96988a

Django Version: 1.8a1
Python Version: 3.4.2
Installed Applications:
('common',
 'core',
 'account',
 'errors',
 'forgot',
 'home',
 'images',
 'pages',
 'posts',
 'register',
 'signin',
 'signout',
 'sites',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles')
Installed Middleware:
('django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.auth.middleware.SessionAuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'django.middleware.security.SecurityMiddleware',
 'core.middleware.trailing_slash.AppendOrRemoveSlashMiddleware')


Traceback:
File "/Users/James/.virtualenvs/example/lib/python3.4/site-packages/django/core/handlers/base.py" in get_response
  131.                     response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/Users/James/Documents/GitHub/example/example/project/forgot/views.py" in forgot_password_reset_confirm
  47.     return password_reset_confirm(request, *args, **kwargs)
File "/Users/James/.virtualenvs/example/lib/python3.4/site-packages/django/views/decorators/debug.py" in sensitive_post_parameters_wrapper
  76.             return view(request, *args, **kwargs)
File "/Users/James/.virtualenvs/example/lib/python3.4/site-packages/django/views/decorators/cache.py" in _wrapped_view_func
  54.         response = view_func(request, *args, **kwargs)
File "/Users/James/.virtualenvs/example/lib/python3.4/site-packages/django/contrib/auth/views.py" in password_reset_confirm
  231.         user = UserModel._default_manager.get(pk=uid)
File "/Users/James/.virtualenvs/example/lib/python3.4/site-packages/django/db/models/manager.py" in manager_method
  127.                 return getattr(self.get_queryset(), name)(*args, **kwargs)
File "/Users/James/.virtualenvs/example/lib/python3.4/site-packages/django/db/models/query.py" in get
  325.         num = len(clone)
File "/Users/James/.virtualenvs/example/lib/python3.4/site-packages/django/db/models/query.py" in __len__
  141.         self._fetch_all()
File "/Users/James/.virtualenvs/example/lib/python3.4/site-packages/django/db/models/query.py" in _fetch_all
  962.             self._result_cache = list(self.iterator())
File "/Users/James/.virtualenvs/example/lib/python3.4/site-packages/django/db/models/query.py" in iterator
  235.         results = compiler.execute_sql()
File "/Users/James/.virtualenvs/example/lib/python3.4/site-packages/django/db/models/sql/compiler.py" in execute_sql
  830.             cursor.execute(sql, params)
File "/Users/James/.virtualenvs/example/lib/python3.4/site-packages/django/db/backends/utils.py" in execute
  80.             return super(CursorDebugWrapper, self).execute(sql, params)
File "/Users/James/.virtualenvs/example/lib/python3.4/site-packages/django/db/backends/utils.py" in execute
  65.                 return self.cursor.execute(sql, params)
File "/Users/James/.virtualenvs/example/lib/python3.4/site-packages/django/db/utils.py" in __exit__
  95.                 six.reraise(dj_exc_type, dj_exc_value, traceback)
File "/Users/James/.virtualenvs/example/lib/python3.4/site-packages/django/utils/six.py" in reraise
  658.             raise value.with_traceback(tb)
File "/Users/James/.virtualenvs/example/lib/python3.4/site-packages/django/db/backends/utils.py" in execute
  65.                 return self.cursor.execute(sql, params)

Exception Type: ProgrammingError at /forgot/reset/YzY1OTJjNjItNzU0NS00ZDUwLTk2YzYtNGRkY2E0NThkZGRi/3z5-0ece360518cf9c96988a
Exception Value: operator does not exist: uuid = bytea
LINE 1: ..." FROM "common_person" WHERE "common_person"."id" = '\x63363...
                                                             ^
HINT:  No operator matches the given name and argument type(s). You might need to add explicit type casts.

comment:2 by Tim Graham, 10 years ago

Triage Stage: UnreviewedAccepted

comment:3 by Tim Graham, 10 years ago

Owner: changed from nobody to Tim Graham
Status: newassigned

by Tim Graham, 10 years ago

Attachment: 24315-test.diff added

comment:4 by Tim Graham, 10 years ago

Resolution: worksforme
Status: assignedclosed

I couldn't reproduce this. See previous comment for a patch which modifies an existing test in Django's test suite for password reset to use a UUIDUser. Please reopen if you can provide more details (ideally, modifying that test so that it fails).

comment:5 by James Beith, 10 years ago

Resolution: worksforme
Status: closednew

The above test does fail for me. I did the following:

  • Create virtual Python environment on my OS X 10.10.2 machine
    • Python 3.4.2
    • pip 1.5.6
    • setuptools 3.6
  • Cloned Django master branch
  • Applied the above patch 24315-test.diff
  • Ran the test PYTHONPATH=..:$PYTHONPATH ./runtests.py auth_tests.test_views
Testing against Django installed in '/Users/James/Desktop/uuid-password-reset/django'
Creating test database for alias 'default'...
Creating test database for alias 'other'...
..............F...................................................
======================================================================
FAIL: test_confirm_valid_custom_user (auth_tests.test_views.CustomUserPasswordResetTest)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/Users/James/Desktop/uuid-password-reset/tests/auth_tests/test_views.py", line 356, in test_confirm_valid_custom_user
    self.assertContains(response, "Please enter your new password")
  File "/Users/James/Desktop/uuid-password-reset/django/test/testcases.py", line 357, in assertContains
    msg_prefix + "Couldn't find %s in response" % text_repr)
AssertionError: False is not true : Couldn't find 'Please enter your new password' in response

----------------------------------------------------------------------
Ran 66 tests in 1.771s

FAILED (failures=1)
Destroying test database for alias 'default'...
Destroying test database for alias 'other'...

comment:6 by Tim Graham, 10 years ago

Thanks, it seems to be a difference between Python 2 and 3. I'll take another look.

comment:7 by Tim Graham, 10 years ago

Has patch: set

comment:8 by Simon Charette, 10 years ago

Triage Stage: AcceptedReady for checkin

comment:9 by Tim Graham <timograham@…>, 10 years ago

Resolution: fixed
Status: newclosed

In 002425fe39f62faafaa32e400f7531809181a1a0:

Fixed #24315 -- Fixed auth.views.password_reset_confirm() with a UUID user.

comment:10 by Tim Graham <timograham@…>, 10 years ago

In 2347f3267fbbfab76930fb6068b0361bff297691:

[1.8.x] Fixed #24315 -- Fixed auth.views.password_reset_confirm() with a UUID user.

Backport of 002425fe39f62faafaa32e400f7531809181a1a0 from master

Note: See TracTickets for help on using tickets.
Back to Top