Opened 18 years ago
Closed 17 years ago
#3029 closed defect (fixed)
[patch] Erroneous values stored in contrib.auth fields: date_joined, last_login
Reported by: | Tim Goh | Owned by: | nobody |
---|---|---|---|
Component: | Contrib apps | Version: | dev |
Severity: | normal | Keywords: | |
Cc: | gary.wilson@… | Triage Stage: | Accepted |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | yes |
Easy pickings: | no | UI/UX: | no |
Description
Problem:
The date_joined and last_login fields in the contrib.auth package are both declared as "default=models.LazyDate()", which results in the following incorrect behavior:
- date_joined and last_login are updated to the current date/time whenever the User model is saved.
- last_login is updated when the user logs into the admin interface, but any application front-ends hooking on to contrib.auth will have to update it themselves upon authenticating. This is not what the name "last_login" implies.
Patch description:
(patched against r4077)
The attached patch defines date_joined and last_login as auto_now_add=True, so they are timestamped upon creation of the user object. Subsequently, upon successful authentication, last_login is updated with the current time.
Attachments (2)
Change History (8)
by , 18 years ago
Attachment: | contrib_auth_date_fields_errors.patch added |
---|
comment:1 by , 18 years ago
comment:2 by , 18 years ago
You're right. The last_login update code should go in ModelBackend instead. Updated diff attached.
comment:3 by , 18 years ago
Updating last_login
in the backend's authenticate method is not quite right either. The AuthenticationForm manipulator can still raise errors after authenticate() has been called, in which case last_login
gets updated when it should not.
comment:4 by , 18 years ago
Cc: | added |
---|
comment:5 by , 18 years ago
Patch needs improvement: | set |
---|---|
Triage Stage: | Unreviewed → Accepted |
comment:6 by , 17 years ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
LazyDate
is gone and those fields now default to datetime.datetime.now
which only happens on the initial save, so this is fixed.
You can't assume that
user
will have alast_login
property - you're assuming it will bedjango.auth.models.User
, when it could be any model passed from an alternate auth backend.