Context Navigation

← Previous Ticket
Next Ticket →

Opened 21 months ago

Closed 21 months ago

#34379 closed Bug (invalid)

Invalid regex pattern for password reset token in 4.2b1

Reported by:	Dmitriy Sintsov	Owned by:	nobody
Component:	contrib.auth	Version:	4.2
Severity:	Normal	Keywords:	password reset token auth admin
Cc:		Triage Stage:	Unreviewed
Has patch:	no	Needs documentation:	no
Needs tests:	no	Patch needs improvement:	no
Easy pickings:	yes	UI/UX:	no

Description (last modified by Dmitriy Sintsov)

Probably the second part of token (32 chars) is too long for {1,20} regex:

NoReverseMatch at /password-reset/
Reverse for 'password_reset_confirm' with keyword arguments '{'uidb64': 'MQ', 'token': 'bkfl1u-973ffa0db26e9754b6591f45ce331fd6'}' not found. 1 pattern(s) tried: ['reset/(?P<uidb64>[0-9A-Za-z_\\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$']
Request Method:	POST
Request URL:	http://127.0.0.1:8000/password-reset/
Django Version:	4.2b1
Exception Type:	NoReverseMatch
Exception Value:	
Reverse for 'password_reset_confirm' with keyword arguments '{'uidb64': 'MQ', 'token': 'bkfl1u-973ffa0db26e9754b6591f45ce331fd6'}' not found. 1 pattern(s) tried: ['reset/(?P<uidb64>[0-9A-Za-z_\\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$']
Exception Location:	/home/user/work/ispdevenv/lib/python3.10/site-packages/django/urls/resolvers.py, line 828, in _reverse_with_prefix

Error during template rendering
In template /home/user/work/ispdevenv/lib/python3.10/site-packages/django/contrib/admin/templates/registration/password_reset_email.html, error at line 6

Reverse for 'password_reset_confirm' with keyword arguments '{'uidb64': 'MQ', 'token': 'bkfl1u-973ffa0db26e9754b6591f45ce331fd6'}' not found. 1 pattern(s) tried: ['reset/(?P<uidb64>[0-9A-Za-z_\\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$']
1	{% load i18n %}{% autoescape off %}
2	{% blocktranslate %}You're receiving this email because you requested a password reset for your user account at {{ site_name }}.{% endblocktranslate %}
3	
4	{% translate "Please go to the following page and choose a new password:" %}
5	{% block reset_link %}
6	{{ protocol }}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %}
7	{% endblock %}
8	{% translate 'Your username, in case you’ve forgotten:' %} {{ user.get_username }}
9	
10	{% translate "Thanks for using our site!" %}
11	
12	{% blocktranslate %}The {{ site_name }} team{% endblocktranslate %}
13	
14	{% endautoescape %}
15

Change History (2)

comment:1 by Dmitriy Sintsov, 21 months ago

Description:	modified (diff)

comment:2 by Mariusz Felisiak, 21 months ago

Resolution:	→ invalid
Status:	new → closed

Thanks for this report, however I don't see such regex anywhere in Django. This seems to be an issue in your code.

Note: See TracTickets for help on using tickets.

Download in other formats: