Fixed #19133 -- Corrected regression in form handling for user passwords.
Thanks to pressureman for the report, and to Preston Holmes for the draft patch.
parent
4cef9a09f9
commit
04b53ebfb7
@ -52,9 +52,6 @@ class ReadOnlyPasswordHashField(forms.Field):
|
||||
kwargs.setdefault("required", False)
|
||||
super(ReadOnlyPasswordHashField, self).__init__(*args, **kwargs)
|
||||
|
||||
def clean_password(self):
|
||||
return self.initial
|
||||
|
||||
|
||||
class UserCreationForm(forms.ModelForm):
|
||||
"""
|
||||
@ -130,6 +127,12 @@ class UserChangeForm(forms.ModelForm):
|
||||
if f is not None:
|
||||
f.queryset = f.queryset.select_related('content_type')
|
||||
|
||||
def clean_password(self):
|
||||
# Regardless of what the user provides, return the initial value.
|
||||
# This is done here, rather than on the field, because the
|
||||
# field does not have access to the initial value
|
||||
return self.initial["password"]
|
||||
|
||||
|
||||
class AuthenticationForm(forms.Form):
|
||||
"""
|
||||
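Review bot: With `clean_password` now defined on `UserChangeForm` (second hunk), the read-only behaviour of the password hash depends on the form, and nothing in the `ReadOnlyPasswordHashField` hunk says so. Judging by the hunk line counts, the field-level `clean_password` in the first hunk is the removed code, so a project form that declares this field without subclassing `UserChangeForm` would presumably pass whatever is posted for `password` through to `cleaned_data`. I would add a short comment to the field class, for example `# This field does not discard submitted data; the owning form must define clean_password() and return the initial value.` Both class bodies start outside the hunks shown, so an existing docstring may already cover this.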
|
@ -265,6 +265,23 @@ class UserChangeFormTest(TestCase):
|
||||
self.assertIn(_("Invalid password format or unknown hashing algorithm."),
|
||||
form.as_table())
|
||||
|
||||
def test_bug_19133(self):
|
||||
"The change form does not return the password value"
|
||||
# Use the form to construct the POST data
|
||||
user = User.objects.get(username='testclient')
|
||||
form_for_data = UserChangeForm(instance=user)
|
||||
post_data = form_for_data.initial
|
||||
|
||||
# The password field should be readonly, so anything
|
||||
# posted here should be ignored; the form will be
|
||||
# valid, and give back the 'initial' value for the
|
||||
# password field.
|
||||
post_data['password'] = 'new password'
|
||||
form = UserChangeForm(instance=user, data=post_data)
|
||||
|
||||
self.assertTrue(form.is_valid())
|
||||
self.assertEqual(form.cleaned_data['password'], 'sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161')
|
||||
|
||||
|
||||
@skipIfCustomUser
|
||||
@override_settings(USE_TZ=False, PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',))
|
||||
|
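Review bot: The final assertion in `test_bug_19133` compares against a hash literal copied from the fixture, which hides the intent and ties the test to the fixture's exact contents; `self.assertEqual(form.cleaned_data['password'], user.password)` states the requirement directly. The test also stops at `cleaned_data`, so it does not show that saving the form leaves the stored hash untouched; a `form.save()` followed by a check of the reloaded user's `password` would close that gap. The one-line docstring reads as if no password value is returned at all, and something like `"The change form ignores a posted password and returns the initial hash"` would match the assertions. `UserChangeFormTest` begins outside the hunk.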