mirror of https://github.com/django/django.git
[1.5.x] Fixed #19354 -- Do not assume usermodel.pk == usermodel.id
Thanks markteisman at hotmail.com for the report.
Backport of 0eeae1505
from master.
This commit is contained in:
parent
83df1f3b57
commit
47c5b50d34
|
@ -552,7 +552,7 @@ class ModelAdmin(BaseModelAdmin):
|
||||||
"""
|
"""
|
||||||
from django.contrib.admin.models import LogEntry, DELETION
|
from django.contrib.admin.models import LogEntry, DELETION
|
||||||
LogEntry.objects.log_action(
|
LogEntry.objects.log_action(
|
||||||
user_id = request.user.id,
|
user_id = request.user.pk,
|
||||||
content_type_id = ContentType.objects.get_for_model(self.model).pk,
|
content_type_id = ContentType.objects.get_for_model(self.model).pk,
|
||||||
object_id = object.pk,
|
object_id = object.pk,
|
||||||
object_repr = object_repr,
|
object_repr = object_repr,
|
||||||
|
|
|
@ -81,14 +81,14 @@ def login(request, user):
|
||||||
user = request.user
|
user = request.user
|
||||||
# TODO: It would be nice to support different login methods, like signed cookies.
|
# TODO: It would be nice to support different login methods, like signed cookies.
|
||||||
if SESSION_KEY in request.session:
|
if SESSION_KEY in request.session:
|
||||||
if request.session[SESSION_KEY] != user.id:
|
if request.session[SESSION_KEY] != user.pk:
|
||||||
# To avoid reusing another user's session, create a new, empty
|
# To avoid reusing another user's session, create a new, empty
|
||||||
# session if the existing session corresponds to a different
|
# session if the existing session corresponds to a different
|
||||||
# authenticated user.
|
# authenticated user.
|
||||||
request.session.flush()
|
request.session.flush()
|
||||||
else:
|
else:
|
||||||
request.session.cycle_key()
|
request.session.cycle_key()
|
||||||
request.session[SESSION_KEY] = user.id
|
request.session[SESSION_KEY] = user.pk
|
||||||
request.session[BACKEND_SESSION_KEY] = user.backend
|
request.session[BACKEND_SESSION_KEY] = user.backend
|
||||||
if hasattr(request, 'user'):
|
if hasattr(request, 'user'):
|
||||||
request.user = user
|
request.user = user
|
||||||
|
|
|
@ -241,7 +241,7 @@ class PasswordResetForm(forms.Form):
|
||||||
'email': user.email,
|
'email': user.email,
|
||||||
'domain': domain,
|
'domain': domain,
|
||||||
'site_name': site_name,
|
'site_name': site_name,
|
||||||
'uid': int_to_base36(user.id),
|
'uid': int_to_base36(user.pk),
|
||||||
'user': user,
|
'user': user,
|
||||||
'token': token_generator.make_token(user),
|
'token': token_generator.make_token(user),
|
||||||
'protocol': use_https and 'https' or 'http',
|
'protocol': use_https and 'https' or 'http',
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
unicode: {{ user }}
|
unicode: {{ user }}
|
||||||
id: {{ user.id }}
|
id: {{ user.pk }}
|
||||||
username: {{ user.username }}
|
username: {{ user.username }}
|
||||||
url: {% url 'userpage' user %}
|
url: {% url 'userpage' user %}
|
||||||
|
|
|
@ -58,7 +58,7 @@ class PasswordResetTokenGenerator(object):
|
||||||
# Ensure results are consistent across DB backends
|
# Ensure results are consistent across DB backends
|
||||||
login_timestamp = user.last_login.replace(microsecond=0, tzinfo=None)
|
login_timestamp = user.last_login.replace(microsecond=0, tzinfo=None)
|
||||||
|
|
||||||
value = (six.text_type(user.id) + user.password +
|
value = (six.text_type(user.pk) + user.password +
|
||||||
six.text_type(login_timestamp) + six.text_type(timestamp))
|
six.text_type(login_timestamp) + six.text_type(timestamp))
|
||||||
hash = salted_hmac(key_salt, value).hexdigest()[::2]
|
hash = salted_hmac(key_salt, value).hexdigest()[::2]
|
||||||
return "%s-%s" % (ts_b36, hash)
|
return "%s-%s" % (ts_b36, hash)
|
||||||
|
|
|
@ -206,7 +206,7 @@ def password_reset_confirm(request, uidb36=None, token=None,
|
||||||
post_reset_redirect = reverse('django.contrib.auth.views.password_reset_complete')
|
post_reset_redirect = reverse('django.contrib.auth.views.password_reset_complete')
|
||||||
try:
|
try:
|
||||||
uid_int = base36_to_int(uidb36)
|
uid_int = base36_to_int(uidb36)
|
||||||
user = UserModel.objects.get(id=uid_int)
|
user = UserModel.objects.get(pk=uid_int)
|
||||||
except (ValueError, OverflowError, UserModel.DoesNotExist):
|
except (ValueError, OverflowError, UserModel.DoesNotExist):
|
||||||
user = None
|
user = None
|
||||||
|
|
||||||
|
|
|
@ -611,7 +611,7 @@ Output the contents of the block if the two arguments equal each other.
|
||||||
|
|
||||||
Example::
|
Example::
|
||||||
|
|
||||||
{% ifequal user.id comment.user_id %}
|
{% ifequal user.pk comment.user_id %}
|
||||||
...
|
...
|
||||||
{% endifequal %}
|
{% endifequal %}
|
||||||
|
|
||||||
|
|
|
@ -351,7 +351,7 @@ class FormfieldShouldDeleteFormTests(TestCase):
|
||||||
|
|
||||||
def should_delete(self):
|
def should_delete(self):
|
||||||
""" delete form if odd PK """
|
""" delete form if odd PK """
|
||||||
return self.instance.id % 2 != 0
|
return self.instance.pk % 2 != 0
|
||||||
|
|
||||||
NormalFormset = modelformset_factory(User, form=CustomDeleteUserForm, can_delete=True)
|
NormalFormset = modelformset_factory(User, form=CustomDeleteUserForm, can_delete=True)
|
||||||
DeleteFormset = modelformset_factory(User, form=CustomDeleteUserForm, formset=BaseCustomDeleteModelFormSet)
|
DeleteFormset = modelformset_factory(User, form=CustomDeleteUserForm, formset=BaseCustomDeleteModelFormSet)
|
||||||
|
@ -392,7 +392,7 @@ class FormfieldShouldDeleteFormTests(TestCase):
|
||||||
data = dict(self.data)
|
data = dict(self.data)
|
||||||
data['form-INITIAL_FORMS'] = 4
|
data['form-INITIAL_FORMS'] = 4
|
||||||
data.update(dict(
|
data.update(dict(
|
||||||
('form-%d-id' % i, user.id)
|
('form-%d-id' % i, user.pk)
|
||||||
for i,user in enumerate(User.objects.all())
|
for i,user in enumerate(User.objects.all())
|
||||||
))
|
))
|
||||||
formset = self.NormalFormset(data, queryset=User.objects.all())
|
formset = self.NormalFormset(data, queryset=User.objects.all())
|
||||||
|
@ -409,7 +409,7 @@ class FormfieldShouldDeleteFormTests(TestCase):
|
||||||
data = dict(self.data)
|
data = dict(self.data)
|
||||||
data['form-INITIAL_FORMS'] = 4
|
data['form-INITIAL_FORMS'] = 4
|
||||||
data.update(dict(
|
data.update(dict(
|
||||||
('form-%d-id' % i, user.id)
|
('form-%d-id' % i, user.pk)
|
||||||
for i,user in enumerate(User.objects.all())
|
for i,user in enumerate(User.objects.all())
|
||||||
))
|
))
|
||||||
data.update(self.delete_all_ids)
|
data.update(self.delete_all_ids)
|
||||||
|
@ -428,7 +428,7 @@ class FormfieldShouldDeleteFormTests(TestCase):
|
||||||
data = dict(self.data)
|
data = dict(self.data)
|
||||||
data['form-INITIAL_FORMS'] = 4
|
data['form-INITIAL_FORMS'] = 4
|
||||||
data.update(dict(
|
data.update(dict(
|
||||||
('form-%d-id' % i, user.id)
|
('form-%d-id' % i, user.pk)
|
||||||
for i,user in enumerate(User.objects.all())
|
for i,user in enumerate(User.objects.all())
|
||||||
))
|
))
|
||||||
data.update(self.delete_all_ids)
|
data.update(self.delete_all_ids)
|
||||||
|
@ -440,5 +440,5 @@ class FormfieldShouldDeleteFormTests(TestCase):
|
||||||
self.assertEqual(len(User.objects.all()), 2)
|
self.assertEqual(len(User.objects.all()), 2)
|
||||||
|
|
||||||
# verify no "odd" PKs left
|
# verify no "odd" PKs left
|
||||||
odd_ids = [user.id for user in User.objects.all() if user.id % 2]
|
odd_ids = [user.pk for user in User.objects.all() if user.pk % 2]
|
||||||
self.assertEqual(len(odd_ids), 0)
|
self.assertEqual(len(odd_ids), 0)
|
||||||
|
|
|
@ -140,7 +140,7 @@ class TestTransactionClosing(TransactionTestCase):
|
||||||
"Create a user in a transaction"
|
"Create a user in a transaction"
|
||||||
user = User.objects.create_user(username='system', password='iamr00t', email='root@SITENAME.com')
|
user = User.objects.create_user(username='system', password='iamr00t', email='root@SITENAME.com')
|
||||||
# Redundant, just makes sure the user id was read back from DB
|
# Redundant, just makes sure the user id was read back from DB
|
||||||
Mod.objects.create(fld=user.id)
|
Mod.objects.create(fld=user.pk)
|
||||||
|
|
||||||
# Create a user
|
# Create a user
|
||||||
create_system_user()
|
create_system_user()
|
||||||
|
|
Loading…
Reference in New Issue