#34379 closed Bug (invalid)

Invalid regex pattern for password reset token in 4.2b1

Reported by: Dmitriy Sintsov Owned by: nobody
Component: contrib.auth Version: 4.2
Severity: Normal Keywords: password reset token auth admin
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description (last modified by Dmitriy Sintsov)

Probably the second part of token (32 chars) is too long for {1,20} regex:

NoReverseMatch at /password-reset/
Reverse for 'password_reset_confirm' with keyword arguments '{'uidb64': 'MQ', 'token': 'bkfl1u-973ffa0db26e9754b6591f45ce331fd6'}' not found. 1 pattern(s) tried: ['reset/(?P<uidb64>[0-9A-Za-z_\\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$']
Request Method:	POST
Request URL:	http://127.0.0.1:8000/password-reset/
Django Version:	4.2b1
Exception Type:	NoReverseMatch
Exception Value:	
Reverse for 'password_reset_confirm' with keyword arguments '{'uidb64': 'MQ', 'token': 'bkfl1u-973ffa0db26e9754b6591f45ce331fd6'}' not found. 1 pattern(s) tried: ['reset/(?P<uidb64>[0-9A-Za-z_\\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$']
Exception Location:	/home/user/work/ispdevenv/lib/python3.10/site-packages/django/urls/resolvers.py, line 828, in _reverse_with_prefix

Error during template rendering
In template /home/user/work/ispdevenv/lib/python3.10/site-packages/django/contrib/admin/templates/registration/password_reset_email.html, error at line 6

Reverse for 'password_reset_confirm' with keyword arguments '{'uidb64': 'MQ', 'token': 'bkfl1u-973ffa0db26e9754b6591f45ce331fd6'}' not found. 1 pattern(s) tried: ['reset/(?P<uidb64>[0-9A-Za-z_\\-]+)/(?P<token>[0-9A-Za-z]{1,13}-[0-9A-Za-z]{1,20})/$']
1	{% load i18n %}{% autoescape off %}
2	{% blocktranslate %}You're receiving this email because you requested a password reset for your user account at {{ site_name }}.{% endblocktranslate %}
3	
4	{% translate "Please go to the following page and choose a new password:" %}
5	{% block reset_link %}
6	{{ protocol }}://{{ domain }}{% url 'password_reset_confirm' uidb64=uid token=token %}
7	{% endblock %}
8	{% translate 'Your username, in case you’ve forgotten:' %} {{ user.get_username }}
9	
10	{% translate "Thanks for using our site!" %}
11	
12	{% blocktranslate %}The {{ site_name }} team{% endblocktranslate %}
13	
14	{% endautoescape %}
15	

Change History (2)

comment:1 by Dmitriy Sintsov, 20 months ago

Description: modified (diff)

comment:2 by Mariusz Felisiak, 20 months ago

Resolution: invalid
Status: newclosed

Thanks for this report, however I don't see such regex anywhere in Django. This seems to be an issue in your code.

Note: See TracTickets for help on using tickets.
Back to Top