Fixed #24315 -- Fixed auth.views.password_reset_confirm() with a UUID user.

django/contrib/auth/views.py

@@ -17,6 +17,7 @@ from django.http import HttpResponseRedirect, QueryDict
 from django.shortcuts import resolve_url
 from django.template.response import TemplateResponse
 from django.utils.deprecation import RemovedInDjango20Warning
+from django.utils.encoding import force_text
 from django.utils.http import is_safe_url, urlsafe_base64_decode
 from django.utils.six.moves.urllib.parse import urlparse, urlunparse
 from django.utils.translation import ugettext as _
@@ -230,7 +231,8 @@ def password_reset_confirm(request, uidb64=None, token=None,
     else:
         post_reset_redirect = resolve_url(post_reset_redirect)
     try:
-        uid = urlsafe_base64_decode(uidb64)
+        # urlsafe_base64_decode() decodes to bytestring on Python 3
+        uid = force_text(urlsafe_base64_decode(uidb64))
         user = UserModel._default_manager.get(pk=uid)
     except (TypeError, ValueError, OverflowError, UserModel.DoesNotExist):
         user = None

tests/auth_tests/test_views.py

@@ -334,10 +334,11 @@ class PasswordResetTest(AuthViewsTestCase):
 @override_settings(AUTH_USER_MODEL='auth.CustomUser')
 class CustomUserPasswordResetTest(AuthViewsTestCase):
     fixtures = ['custom_user.json']
+    user_email = 'staffmember@example.com'
 
     def _test_confirm_start(self):
         # Start by creating the email
-        response = self.client.post('/password_reset/', {'email': 'staffmember@example.com'})
+        response = self.client.post('/password_reset/', {'email': self.user_email})
         self.assertEqual(response.status_code, 302)
         self.assertEqual(len(mail.outbox), 1)
         return self._read_signup_email(mail.outbox[0])
@@ -352,6 +353,26 @@ class CustomUserPasswordResetTest(AuthViewsTestCase):
         response = self.client.get(path)
         # redirect to a 'complete' page:
         self.assertContains(response, "Please enter your new password")
+        # then submit a new password
+        response = self.client.post(path, {
+            'new_password1': 'anewpassword',
+            'new_password2': 'anewpassword',
+        })
+        self.assertRedirects(response, '/reset/done/')
+
+
+@override_settings(AUTH_USER_MODEL='auth.UUIDUser')
+class UUIDUserPasswordResetTest(CustomUserPasswordResetTest):
+    fixtures = None
+
+    def _test_confirm_start(self):
+        # instead of fixture
+        UUIDUser.objects.create_user(
+            email=self.user_email,
+            username='foo',
+            password='foo',
+        )
+        return super(UUIDUserPasswordResetTest, self)._test_confirm_start()
 
 
 class ChangePasswordTest(AuthViewsTestCase):