From e39e727ded673e74016b5d3658d23cbe20234d11 Mon Sep 17 00:00:00 2001 From: Mariusz Felisiak Date: Fri, 28 Aug 2020 05:57:36 +0200 Subject: [PATCH] Fixed #31912 -- Removed strict=True in Path.resolve() in project template and CommonPasswordValidator. This caused permission errors when user didn't have permissions to all intermediate directories in a Django installation path. Thanks tytusd and leonyxz for reports. Regression in edeec1247e52de6fc32cee93e96d4ce36003ea4b and 26554cf5d1e96db10d0d5f4b69683a22fb82fdf8. --- django/conf/project_template/project_name/settings.py-tpl | 2 +- django/contrib/auth/password_validation.py | 2 +- docs/howto/overriding-templates.txt | 2 +- docs/releases/3.1.1.txt | 5 +++++ 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/django/conf/project_template/project_name/settings.py-tpl b/django/conf/project_template/project_name/settings.py-tpl index 64d32d7059f..444c899b2b3 100644 --- a/django/conf/project_template/project_name/settings.py-tpl +++ b/django/conf/project_template/project_name/settings.py-tpl @@ -13,7 +13,7 @@ https://docs.djangoproject.com/en/{{ docs_version }}/ref/settings/ from pathlib import Path # Build paths inside the project like this: BASE_DIR / 'subdir'. -BASE_DIR = Path(__file__).resolve(strict=True).parent.parent +BASE_DIR = Path(__file__).resolve().parent.parent # Quick-start development settings - unsuitable for production diff --git a/django/contrib/auth/password_validation.py b/django/contrib/auth/password_validation.py index 61a482fdadb..845f4d86d5b 100644 --- a/django/contrib/auth/password_validation.py +++ b/django/contrib/auth/password_validation.py @@ -167,7 +167,7 @@ class CommonPasswordValidator: https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7 The password list must be lowercased to match the comparison in validate(). """ - DEFAULT_PASSWORD_LIST_PATH = Path(__file__).resolve(strict=True).parent / 'common-passwords.txt.gz' + DEFAULT_PASSWORD_LIST_PATH = Path(__file__).resolve().parent / 'common-passwords.txt.gz' def __init__(self, password_list_path=DEFAULT_PASSWORD_LIST_PATH): try: diff --git a/docs/howto/overriding-templates.txt b/docs/howto/overriding-templates.txt index 71eb14b0c44..0f880690698 100644 --- a/docs/howto/overriding-templates.txt +++ b/docs/howto/overriding-templates.txt @@ -29,7 +29,7 @@ called ``blog``, which provides the templates ``blog/post.html`` and from pathlib import Path - BASE_DIR = Path(__file__).resolve(strict=True).parent.parent + BASE_DIR = Path(__file__).resolve().parent.parent INSTALLED_APPS = [ ..., diff --git a/docs/releases/3.1.1.txt b/docs/releases/3.1.1.txt index 83ff2b07d22..84f9020c53a 100644 --- a/docs/releases/3.1.1.txt +++ b/docs/releases/3.1.1.txt @@ -43,3 +43,8 @@ Bugfixes * Fixed ``__in`` lookup on key transforms for :class:`~django.db.models.JSONField` with MariaDB, MySQL, Oracle, and SQLite (:ticket:`31936`). + +* Fixed a regression in Django 3.1 that caused permission errors in + ``CommonPasswordValidator`` and ``settings.py`` generated by the + :djadmin:`startproject` command, when user didn't have permissions to all + intermediate directories in a Django installation path (:ticket:`31912`).