Fixed #19133 -- Corrected regression in form handling for user passwords.
Thanks to pressureman for the report, and to Preston Holmes for the draft patch.
This commit is contained in:
Russell Keith-Magee
parent
4cef9a09f9
commit
04b53ebfb7
|
|
@ -52,9 +52,6 @@ class ReadOnlyPasswordHashField(forms.Field):
|
||||||
kwargs.setdefault("required", False)
|
kwargs.setdefault("required", False)
|
||||||
super(ReadOnlyPasswordHashField, self).__init__(*args, **kwargs)
|
super(ReadOnlyPasswordHashField, self).__init__(*args, **kwargs)
|
||||||
|
|
||||||
def clean_password(self):
|
|
||||||
return self.initial
|
|
||||||
|
|
||||||
|
|
||||||
class UserCreationForm(forms.ModelForm):
|
class UserCreationForm(forms.ModelForm):
|
||||||
"""
|
"""
|
||||||
|
|
@ -130,6 +127,12 @@ class UserChangeForm(forms.ModelForm):
|
||||||
if f is not None:
|
if f is not None:
|
||||||
f.queryset = f.queryset.select_related('content_type')
|
f.queryset = f.queryset.select_related('content_type')
|
||||||
|
|
||||||
|
def clean_password(self):
|
||||||
|
# Regardless of what the user provides, return the initial value.
|
||||||
|
# This is done here, rather than on the field, because the
|
||||||
|
# field does not have access to the initial value
|
||||||
|
return self.initial["password"]
|
||||||
|
|
||||||
|
|
||||||
class AuthenticationForm(forms.Form):
|
class AuthenticationForm(forms.Form):
|
||||||
"""
|
"""
|
||||||
|
|
|
||||||
|
|
@ -265,6 +265,23 @@ class UserChangeFormTest(TestCase):
|
||||||
self.assertIn(_("Invalid password format or unknown hashing algorithm."),
|
self.assertIn(_("Invalid password format or unknown hashing algorithm."),
|
||||||
form.as_table())
|
form.as_table())
|
||||||
|
|
||||||
|
def test_bug_19133(self):
|
||||||
|
"The change form does not return the password value"
|
||||||
|
# Use the form to construct the POST data
|
||||||
|
user = User.objects.get(username='testclient')
|
||||||
|
form_for_data = UserChangeForm(instance=user)
|
||||||
|
post_data = form_for_data.initial
|
||||||
|
|
||||||
|
# The password field should be readonly, so anything
|
||||||
|
# posted here should be ignored; the form will be
|
||||||
|
# valid, and give back the 'initial' value for the
|
||||||
|
# password field.
|
||||||
|
post_data['password'] = 'new password'
|
||||||
|
form = UserChangeForm(instance=user, data=post_data)
|
||||||
|
|
||||||
|
self.assertTrue(form.is_valid())
|
||||||
|
self.assertEqual(form.cleaned_data['password'], 'sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161')
|
||||||
|
|
||||||
|
|
||||||
@skipIfCustomUser
|
@skipIfCustomUser
|
||||||
@override_settings(USE_TZ=False, PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',))
|
@override_settings(USE_TZ=False, PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',))
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue