Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default.
This commit is contained in:
parent
d746f28949
commit
d8dfff2ab0
|
@ -56,16 +56,9 @@ class ReadOnlyPasswordHashField(forms.Field):
|
||||||
|
|
||||||
def __init__(self, *args, **kwargs):
|
def __init__(self, *args, **kwargs):
|
||||||
kwargs.setdefault("required", False)
|
kwargs.setdefault("required", False)
|
||||||
|
kwargs.setdefault('disabled', True)
|
||||||
super().__init__(*args, **kwargs)
|
super().__init__(*args, **kwargs)
|
||||||
|
|
||||||
def bound_data(self, data, initial):
|
|
||||||
# Always return initial because the widget doesn't
|
|
||||||
# render an input field.
|
|
||||||
return initial
|
|
||||||
|
|
||||||
def has_changed(self, initial, data):
|
|
||||||
return False
|
|
||||||
|
|
||||||
|
|
||||||
class UsernameField(forms.CharField):
|
class UsernameField(forms.CharField):
|
||||||
def to_python(self, value):
|
def to_python(self, value):
|
||||||
|
@ -163,12 +156,6 @@ class UserChangeForm(forms.ModelForm):
|
||||||
if user_permissions:
|
if user_permissions:
|
||||||
user_permissions.queryset = user_permissions.queryset.select_related('content_type')
|
user_permissions.queryset = user_permissions.queryset.select_related('content_type')
|
||||||
|
|
||||||
def clean_password(self):
|
|
||||||
# Regardless of what the user provides, return the initial value.
|
|
||||||
# This is done here, rather than on the field, because the
|
|
||||||
# field does not have access to the initial value
|
|
||||||
return self.initial.get('password')
|
|
||||||
|
|
||||||
|
|
||||||
class AuthenticationForm(forms.Form):
|
class AuthenticationForm(forms.Form):
|
||||||
"""
|
"""
|
||||||
|
|
|
@ -625,6 +625,11 @@ Miscellaneous
|
||||||
using :option:`makemessages --locale` option, when they contain hyphens
|
using :option:`makemessages --locale` option, when they contain hyphens
|
||||||
(``'-'``).
|
(``'-'``).
|
||||||
|
|
||||||
|
* The ``django.contrib.auth.forms.ReadOnlyPasswordHashField`` form field is now
|
||||||
|
:attr:`~django.forms.Field.disabled` by default. Therefore
|
||||||
|
``UserChangeForm.clean_password()`` is no longer required to return the
|
||||||
|
initial value.
|
||||||
|
|
||||||
.. _deprecated-features-3.2:
|
.. _deprecated-features-3.2:
|
||||||
|
|
||||||
Features deprecated in 3.2
|
Features deprecated in 3.2
|
||||||
|
|
|
@ -1129,7 +1129,7 @@ code would be required in the app's ``admin.py`` file::
|
||||||
class UserChangeForm(forms.ModelForm):
|
class UserChangeForm(forms.ModelForm):
|
||||||
"""A form for updating users. Includes all the fields on
|
"""A form for updating users. Includes all the fields on
|
||||||
the user, but replaces the password field with admin's
|
the user, but replaces the password field with admin's
|
||||||
password hash display field.
|
disabled password hash display field.
|
||||||
"""
|
"""
|
||||||
password = ReadOnlyPasswordHashField()
|
password = ReadOnlyPasswordHashField()
|
||||||
|
|
||||||
|
@ -1137,12 +1137,6 @@ code would be required in the app's ``admin.py`` file::
|
||||||
model = MyUser
|
model = MyUser
|
||||||
fields = ('email', 'password', 'date_of_birth', 'is_active', 'is_admin')
|
fields = ('email', 'password', 'date_of_birth', 'is_active', 'is_admin')
|
||||||
|
|
||||||
def clean_password(self):
|
|
||||||
# Regardless of what the user provides, return the initial value.
|
|
||||||
# This is done here, rather than on the field, because the
|
|
||||||
# field does not have access to the initial value
|
|
||||||
return self.initial["password"]
|
|
||||||
|
|
||||||
|
|
||||||
class UserAdmin(BaseUserAdmin):
|
class UserAdmin(BaseUserAdmin):
|
||||||
# The forms to add and change user instances
|
# The forms to add and change user instances
|
||||||
|
@ -1182,3 +1176,10 @@ Finally, specify the custom model as the default user model for your project
|
||||||
using the :setting:`AUTH_USER_MODEL` setting in your ``settings.py``::
|
using the :setting:`AUTH_USER_MODEL` setting in your ``settings.py``::
|
||||||
|
|
||||||
AUTH_USER_MODEL = 'customauth.MyUser'
|
AUTH_USER_MODEL = 'customauth.MyUser'
|
||||||
|
|
||||||
|
.. versionchanged:: 3.2
|
||||||
|
|
||||||
|
In older versions, ``ReadOnlyPasswordHashField`` is not
|
||||||
|
:attr:`~django.forms.Field.disabled` by default and
|
||||||
|
``UserChangeForm.clean_password()`` is required to return the initial
|
||||||
|
value, whatever the user provides.
|
||||||
|
|
|
@ -1022,6 +1022,7 @@ class ReadOnlyPasswordHashTest(SimpleTestCase):
|
||||||
|
|
||||||
def test_readonly_field_has_changed(self):
|
def test_readonly_field_has_changed(self):
|
||||||
field = ReadOnlyPasswordHashField()
|
field = ReadOnlyPasswordHashField()
|
||||||
|
self.assertIs(field.disabled, True)
|
||||||
self.assertFalse(field.has_changed('aaa', 'bbb'))
|
self.assertFalse(field.has_changed('aaa', 'bbb'))
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue