Opened 8 years ago
Closed 8 years ago
#26599 closed Bug (worksforme)
Django Passsword Change Form giving wrong POST value for Old Password of Admin
Reported by: | shikha-desai | Owned by: | nobody |
---|---|---|---|
Component: | Template system | Version: | 1.8 |
Severity: | Normal | Keywords: | Admin:Password Change Form |
Cc: | Triage Stage: | Unreviewed | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
I have created a link to the Password Change Form using :
<a href="{% url 'admin:password_change' %}">{% trans 'Change password' %}</a>
The problem is : It works for all web users, but if I login as admin and then change the password, say if the original password is:'admin'...Now I change it to '1234', it works and I can login again.
But when I again go to change_password and try to change from '1234' to something else, it gives 'Incorrect Old Password'.
On debugging, I found that the POST request received has the old_password field value as 'admin' while I have typed '1234'.
When I tried to add another field on the html page and updated the old_password section as below:
<div class="form-group"> <div class="control-label col-sm-2"> {{ form.old_password.label_tag }} </div> <div class="controls col-sm-10"> {% dab_field_rendering form.old_password %} {{ form.old_password }} {% if form.old_password.errors %}<span class="text-danger">{{ form.old_password.errors|striptags }}</span>{% endif %} </div> </div>
It works perfectly fine and receives the correct request, but I can't ask user to enter the old password two times. There seems to be a problem with the code of change password.
Please provide a test case for Django's test suite that demonstrates the problem (see the existing tests in
tests/auth_tests/test_views.py
) or very specific steps with the exact URLs and inputs for each step. Also be sure to disable any third-party apps to rule out a bug there.