Opened 5 weeks ago
Closed 4 weeks ago
#36087 closed Bug (fixed)
Password reset does not support a custom user model with a composite primary key
Reported by: | Jacob Walls | Owned by: | Sarah Boyce |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Release blocker | Keywords: | |
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
It may not be likely someone would try this, but even so, we might add a system check or otherwise document that contrib.auth
is not composite primary key ready. Then we can decide on whether to add support.
Adjusting a custom user model like this:
-
tests/auth_tests/models/custom_user.py
diff --git a/tests/auth_tests/models/custom_user.py b/tests/auth_tests/models/custom_user.py index 4586e452cd..0647e47ede 100644
a b class CustomUserManager(BaseUserManager): 52 52 53 53 54 54 class CustomUser(AbstractBaseUser): 55 pk = models.CompositePrimaryKey("email", "date_of_birth") 55 56 email = models.EmailField(verbose_name="email address", max_length=255, unique=True) 56 57 is_active = models.BooleanField(default=True) 57 58 is_admin = models.BooleanField(default=False)
Leads to various failures in contrib.auth that expect to deserialize a pk by decoding to a bytestring.
The failure I was playing with was a little easier to see by doing this:
-
django/contrib/auth/views.py
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py index a18cfdb347..4c82a4103c 100644
a b class PasswordResetConfirmView(PasswordContextMixin, FormView): 304 304 user = UserModel._default_manager.get(pk=uid) 305 305 except ( 306 306 TypeError, 307 ValueError,307 # ValueError, 308 308 OverflowError, 309 309 UserModel.DoesNotExist, 310 310 ValidationError,
Then...
====================================================================== ERROR: test_confirm_valid_custom_user (auth_tests.test_views.CustomUserPasswordResetTest.test_confirm_valid_custom_user) ---------------------------------------------------------------------- Traceback (most recent call last): File "/Users/.../django/tests/auth_tests/test_views.py", line 529, in test_confirm_valid_custom_user response = self.client.get(path) ^^^^^^^^^^^^^^^^^^^^^ ... File "/Users/.../django/django/contrib/auth/views.py", line 275, in dispatch self.user = self.get_user(kwargs["uidb64"]) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/Users/.../django/django/contrib/auth/views.py", line 304, in get_user user = UserModel._default_manager.get(pk=uid) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ... File "/Users/.../django/django/db/models/lookups.py", line 30, in __init__ self.rhs = self.get_prep_lookup() ^^^^^^^^^^^^^^^^^^^^^^ File "/Users/.../django/django/db/models/fields/tuple_lookups.py", line 36, in get_prep_lookup self.check_rhs_is_tuple_or_list() File "/Users/.../django/django/db/models/fields/tuple_lookups.py", line 45, in check_rhs_is_tuple_or_list raise ValueError( ValueError: 'exact' lookup of 'pk' must be a tuple or a list ---------------------------------------------------------------------- Ran 2 tests in 0.056s FAILED (errors=1)
Change History (6)
comment:1 by , 5 weeks ago
Description: | modified (diff) |
---|
comment:2 by , 5 weeks ago
Description: | modified (diff) |
---|
comment:3 by , 4 weeks ago
Owner: | set to |
---|---|
Severity: | Normal → Release blocker |
Status: | new → assigned |
Summary: | Add system check mentioning contrib.auth is not composite primary key ready → Password reset does not support a custom user model with a composite primary key |
Triage Stage: | Unreviewed → Accepted |
Type: | Cleanup/optimization → Bug |
comment:4 by , 4 weeks ago
Has patch: | set |
---|
comment:5 by , 4 weeks ago
Triage Stage: | Accepted → Ready for checkin |
---|
Note:
See TracTickets
for help on using tickets.
Good spot!
There's a chance that adding support for custom user models with CompositePrimaryKey's might be easier than adding a system check
Something roughly like:
django/contrib/auth/forms.py
force_bytes(user.pk)),django/contrib/auth/views.py
If it's more complex, then perhaps we add some docs or a system check as suggested