Opened 16 years ago

Closed 16 years ago

#6943 closed (fixed)

Multiple emails in admin can cause error

Reported by: Michael Newman
Owned by: Michael Newman
Component: contrib.admin
Version: newforms-admin
Severity:
Keywords: admin, login, nfa
Cc:
Triage Stage: Ready for checkin
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

If you have multiple users who have the same e-mail address and one of them tries to log into the admin site with their email address, Django throws an exception. This is an extreme fringe case, but I have been bitten by it due to editors who don't know what they are doing.

I applied a patch that doesn't return a username from the e-mail address. I can't find tests to add a line that would test for this. This patch is applied to Newforms Admin, but the two lines could be applied to trunk without a problem.

Attachments (3)

6943-admin-multiple-emails.diff (732 bytes) - added by Michael Newman 16 years ago.
simple two line patch to catch the exception and return a generic message
6943-nfa-admin-multiple-emails.diff (2.4 KB) - added by Michael Newman 16 years ago.
New patch against New-Forms Admin r7612, with tests!
6943-nfa-admin-multiple-emails.2.diff (3.3 KB) - added by Michael Newman 16 years ago.
New patch addressing the idea of e-mail address guessing.


Change History (9)

by Michael Newman, 16 years ago

simple two line patch to catch the exception and return a generic message

comment:1 by Michael Newman, 16 years ago

Keywords: nfa added
Needs tests: set
Owner: changed from nobody to Michael Newman
Status: new → assigned

by Michael Newman, 16 years ago

New patch against New-Forms Admin r7612, with tests!

comment:2 by Michael Newman, 16 years ago

Version: SVN → newforms-admin

comment:3 by Marc Fargas, 16 years ago

Triage Stage: Unreviewed → Accepted

comment:4 by Michael Newman, 16 years ago

Triage Stage: Accepted → Ready for checkin

in reply to: 4 comment:5 by Marc Fargas, 16 years ago

Needs tests: unset

by Michael Newman, 16 years ago

New patch addressing the idea of e-mail address guessing.

comment:6 by Brian Rosner, 16 years ago

Resolution: fixed
Status: assigned → closed

(In [7694]) newforms-admin: Fixed #6943 and #7263 -- Handle multiple e-mail addresses when checking if it was mistakenly entered. Also prevent e-mail guessing by checking password before throwing an error. Thanks Michael Newman and Valera Grishin.
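
The two behaviours described in the ticket and in the [7694] commit message, as an added example that is not Django's code and not one of the attached patches: a single-object e-mail lookup that fails on a shared address and hints at a username without any password check, next to a version that accepts several matches and only hints after the password verifies. The `User` class, the sample accounts, the message strings and both function names are assumptions made for this illustration.

```python
import hashlib
import hmac

GENERIC = "Please enter a correct username and password."
HINT = "Your e-mail address is not your username. Try '{}' instead."

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 1000)

class User:
    def __init__(self, username, email, password):
        self.username, self.email = username, email
        self.salt = username.encode()  # constructed; real salts are random
        self.pw_hash = hash_password(password, self.salt)

    def check_password(self, raw):
        return hmac.compare_digest(hash_password(raw, self.salt), self.pw_hash)

# Constructed accounts: two editors share one mailbox address.
USERS = [
    User("alice", "desk@example.com", "alice-pw"),
    User("bob", "desk@example.com", "bob-pw"),
    User("carol", "carol@example.com", "carol-pw"),
]

def login_message_naive(login, password):
    """Single-object lookup by e-mail; hint given before any password check."""
    if "@" not in login:
        return GENERIC
    matches = [u for u in USERS if u.email == login]
    if not matches:
        return GENERIC
    if len(matches) > 1:
        # Stand-in for the exception a single-object lookup raises.
        raise LookupError("more than one user has this e-mail address")
    return HINT.format(matches[0].username)  # confirms the address to anyone

def login_message_hardened(login, password):
    """Accept any number of matches; hint only where the password fits."""
    if "@" in login:
        for user in USERS:
            if user.email == login and user.check_password(password):
                return HINT.format(user.username)
    return GENERIC  # same reply for unknown address and wrong password

if __name__ == "__main__":
    print(login_message_hardened("desk@example.com", "bob-pw"))
    print(login_message_hardened("carol@example.com", "wrong"))
```

With the hardened version, an unknown address, a known address with a wrong password, and a shared address all produce the same generic reply, so the login form no longer confirms which e-mail addresses have accounts.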
