Opened 18 years ago
Closed 17 years ago
#3029 closed defect (fixed)
[patch] Erroneous values stored in contrib.auth fields: date_joined, last_login
| Reported by: | Tim Goh | Owned by: | nobody |
|---|---|---|---|
| Component: | Contrib apps | Version: | dev |
| Severity: | normal | Keywords: | |
| Cc: | gary.wilson@… | Triage Stage: | Accepted |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | yes |
| Easy pickings: | no | UI/UX: | no |
Description
Problem:
The date_joined and last_login fields in the contrib.auth package are both declared as "default=models.LazyDate()", which results in the following incorrect behavior:
- date_joined and last_login are updated to the current date/time whenever the User model is saved.
- last_login is updated when the user logs into the admin interface, but any application front-ends hooking on to contrib.auth will have to update it themselves upon authenticating. This is not what the name "last_login" implies.
Patch description:
(patched against r4077)
The attached patch defines date_joined and last_login as auto_now_add=True, so they are timestamped upon creation of the user object. Subsequently, upon successful authentication, last_login is updated with the current time.
Attachments (2)
Change History (8)
by , 18 years ago
| Attachment: | contrib_auth_date_fields_errors.patch added |
|---|
comment:1 by , 18 years ago
comment:2 by , 18 years ago
You're right. The last_login update code should go in ModelBackend instead. Updated diff attached.
comment:3 by , 18 years ago
Updating last_login in the backend's authenticate method is not quite right either. The AuthenticationForm manipulator can still raise errors after authenticate() has been called, in which case last_login gets updated when it should not.
comment:4 by , 18 years ago
| Cc: | added |
|---|
comment:5 by , 18 years ago
| Patch needs improvement: | set |
|---|---|
| Triage Stage: | Unreviewed → Accepted |
comment:6 by , 17 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
LazyDate is gone and those fields now default to datetime.datetime.now which only happens on the initial save, so this is fixed.
You can't assume that
userwill have alast_loginproperty - you're assuming it will bedjango.auth.models.User, when it could be any model passed from an alternate auth backend.