From 002425fe39f62faafaa32e400f7531809181a1a0 Mon Sep 17 00:00:00 2001 From: Tim Graham Date: Fri, 13 Feb 2015 09:12:30 -0500 Subject: [PATCH] Fixed #24315 -- Fixed auth.views.password_reset_confirm() with a UUID user. --- django/contrib/auth/views.py | 4 +++- tests/auth_tests/test_views.py | 23 ++++++++++++++++++++++- 2 files changed, 25 insertions(+), 2 deletions(-) diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py index de76157bdc6..99363c392ed 100644 --- a/django/contrib/auth/views.py +++ b/django/contrib/auth/views.py @@ -17,6 +17,7 @@ from django.http import HttpResponseRedirect, QueryDict from django.shortcuts import resolve_url from django.template.response import TemplateResponse from django.utils.deprecation import RemovedInDjango20Warning +from django.utils.encoding import force_text from django.utils.http import is_safe_url, urlsafe_base64_decode from django.utils.six.moves.urllib.parse import urlparse, urlunparse from django.utils.translation import ugettext as _ @@ -230,7 +231,8 @@ def password_reset_confirm(request, uidb64=None, token=None, else: post_reset_redirect = resolve_url(post_reset_redirect) try: - uid = urlsafe_base64_decode(uidb64) + # urlsafe_base64_decode() decodes to bytestring on Python 3 + uid = force_text(urlsafe_base64_decode(uidb64)) user = UserModel._default_manager.get(pk=uid) except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist): user = None diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py index 85177dab28c..d6f3b8eca68 100644 --- a/tests/auth_tests/test_views.py +++ b/tests/auth_tests/test_views.py @@ -334,10 +334,11 @@ class PasswordResetTest(AuthViewsTestCase): @override_settings(AUTH_USER_MODEL='auth.CustomUser') class CustomUserPasswordResetTest(AuthViewsTestCase): fixtures = ['custom_user.json'] + user_email = 'staffmember@example.com' def _test_confirm_start(self): # Start by creating the email - response = self.client.post('/password_reset/', {'email': 'staffmember@example.com'}) + response = self.client.post('/password_reset/', {'email': self.user_email}) self.assertEqual(response.status_code, 302) self.assertEqual(len(mail.outbox), 1) return self._read_signup_email(mail.outbox[0]) @@ -352,6 +353,26 @@ class CustomUserPasswordResetTest(AuthViewsTestCase): response = self.client.get(path) # redirect to a 'complete' page: self.assertContains(response, "Please enter your new password") + # then submit a new password + response = self.client.post(path, { + 'new_password1': 'anewpassword', + 'new_password2': 'anewpassword', + }) + self.assertRedirects(response, '/reset/done/') + + +@override_settings(AUTH_USER_MODEL='auth.UUIDUser') +class UUIDUserPasswordResetTest(CustomUserPasswordResetTest): + fixtures = None + + def _test_confirm_start(self): + # instead of fixture + UUIDUser.objects.create_user( + email=self.user_email, + username='foo', + password='foo', + ) + return super(UUIDUserPasswordResetTest, self)._test_confirm_start() class ChangePasswordTest(AuthViewsTestCase):