From 0eeae15056edf07f786d3be5b47c14ab62eacd31 Mon Sep 17 00:00:00 2001 From: Claude Paroz Date: Sat, 24 Nov 2012 18:25:42 +0100 Subject: [PATCH] Fixed #19354 -- Do not assume usermodel.pk == usermodel.id Thanks markteisman at hotmail.com for the report. --- django/contrib/admin/options.py | 2 +- django/contrib/auth/__init__.py | 4 ++-- django/contrib/auth/forms.py | 2 +- .../templates/context_processors/auth_attrs_user.html | 2 +- django/contrib/auth/tokens.py | 2 +- django/contrib/auth/views.py | 2 +- docs/ref/templates/builtins.txt | 2 +- tests/regressiontests/model_formsets_regress/tests.py | 10 +++++----- tests/regressiontests/transactions_regress/tests.py | 2 +- 9 files changed, 14 insertions(+), 14 deletions(-) diff --git a/django/contrib/admin/options.py b/django/contrib/admin/options.py index 8543c0ad54..c48ffa6ca3 100644 --- a/django/contrib/admin/options.py +++ b/django/contrib/admin/options.py @@ -552,7 +552,7 @@ class ModelAdmin(BaseModelAdmin): """ from django.contrib.admin.models import LogEntry, DELETION LogEntry.objects.log_action( - user_id = request.user.id, + user_id = request.user.pk, content_type_id = ContentType.objects.get_for_model(self.model).pk, object_id = object.pk, object_repr = object_repr, diff --git a/django/contrib/auth/__init__.py b/django/contrib/auth/__init__.py index 5dbda44501..99348d3ae5 100644 --- a/django/contrib/auth/__init__.py +++ b/django/contrib/auth/__init__.py 
@@ -84,14 +84,14 @@ def login(request, user): user = request.user # TODO: It would be nice to support different login methods, like signed cookies. if SESSION_KEY in request.session: - if request.session[SESSION_KEY] != user.id: + if request.session[SESSION_KEY] != user.pk: # To avoid reusing another user's session, create a new, empty # session if the existing session corresponds to a different # authenticated user. request.session.flush() else: request.session.cycle_key() - request.session[SESSION_KEY] = user.id + request.session[SESSION_KEY] = user.pk request.session[BACKEND_SESSION_KEY] = user.backend if hasattr(request, 'user'): request.user = user diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py index 9279c52675..10d9eca3c3 100644 --- a/django/contrib/auth/forms.py +++ b/django/contrib/auth/forms.py @@ -241,7 +241,7 @@ class PasswordResetForm(forms.Form): 'email': user.email, 'domain': domain, 'site_name': site_name, - 'uid': int_to_base36(user.id), + 'uid': int_to_base36(user.pk), 'user': user, 'token': token_generator.make_token(user), 'protocol': use_https and 'https' or 'http', diff --git a/django/contrib/auth/tests/templates/context_processors/auth_attrs_user.html b/django/contrib/auth/tests/templates/context_processors/auth_attrs_user.html index aa7f784405..dc4c6b17c1 100644 --- a/django/contrib/auth/tests/templates/context_processors/auth_attrs_user.html +++ b/django/contrib/auth/tests/templates/context_processors/auth_attrs_user.html @@ -1,4 +1,4 @@ unicode: {{ user }} -id: {{ user.id }} +id: {{ user.pk }} username: {{ user.username }} url: {% url 'userpage' user %} diff --git a/django/contrib/auth/tokens.py b/django/contrib/auth/tokens.py index 930c70012b..6e5bfe7d9d 100644 --- a/django/contrib/auth/tokens.py +++ b/django/contrib/auth/tokens.py 
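Review bot: The comparison `request.session[SESSION_KEY] != user.pk` in login() now depends on the stored value coming back from the session with the same Python type as the user model's primary key, and nothing in the code records that. With an integer id this was a safe assumption; for a custom user model with another pk type, a session backend that does not round-trip the type would presumably make the test always true and flush the session on every login, which fails safe but silently discards session data. I would add a comment above the check such as `# SESSION_KEY stores the user model's pk; the value must round-trip through the session with its type intact`. The code that reads SESSION_KEY back to load the user is outside this hunk and should be confirmed to look the user up by pk as well.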
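Review bot: `int_to_base36(user.pk)` in the PasswordResetForm context still requires an integer primary key, so the password-reset flow keeps an assumption that this commit otherwise removes. A custom user model keyed by a string or UUID would presumably fail here when the reset e-mail is built, and the matching `base36_to_int(uidb36)` followed by `UserModel.objects.get(pk=uid_int)` in the django/contrib/auth/views.py hunk has the same limit. If integer keys are the intended contract, say so next to the call, e.g. `# uid encoding assumes an integer pk (int_to_base36)`; otherwise the uid needs an encoding that accepts any pk value, which also means changing the URL parameter outside this diff. The enclosing method starts and ends outside the hunk.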
@@ -58,7 +58,7 @@ class PasswordResetTokenGenerator(object): # Ensure results are consistent across DB backends login_timestamp = user.last_login.replace(microsecond=0, tzinfo=None) - value = (six.text_type(user.id) + user.password + + value = (six.text_type(user.pk) + user.password + six.text_type(login_timestamp) + six.text_type(timestamp)) hash = salted_hmac(key_salt, value).hexdigest()[::2] return "%s-%s" % (ts_b36, hash) diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py index d27e2f5aba..2562a639b7 100644 --- a/django/contrib/auth/views.py +++ b/django/contrib/auth/views.py @@ -206,7 +206,7 @@ def password_reset_confirm(request, uidb36=None, token=None, post_reset_redirect = reverse('django.contrib.auth.views.password_reset_complete') try: uid_int = base36_to_int(uidb36) - user = UserModel.objects.get(id=uid_int) + user = UserModel.objects.get(pk=uid_int) except (ValueError, OverflowError, UserModel.DoesNotExist): user = None diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt index dc79b3a7d0..57ef0cfb27 100644 --- a/docs/ref/templates/builtins.txt +++ b/docs/ref/templates/builtins.txt @@ -618,7 +618,7 @@ Output the contents of the block if the two arguments equal each other. Example:: - {% ifequal user.id comment.user_id %} + {% ifequal user.pk comment.user_id %} ... {% endifequal %} diff --git a/tests/regressiontests/model_formsets_regress/tests.py b/tests/regressiontests/model_formsets_regress/tests.py index 1fbdb9744f..8cadcfc409 100644 --- a/tests/regressiontests/model_formsets_regress/tests.py +++ b/tests/regressiontests/model_formsets_regress/tests.py 
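Review bot: The HMAC input `six.text_type(user.pk) + user.password + ...` joins its fields with no separator, and once the first field is an arbitrary primary key rather than an integer id, the boundary between pk and password hash is no longer fixed by the data itself. Two different (pk, password) pairs could in principle serialise to the same `value`; whether that is reachable depends on the pk type a project chooses, so treat this as a hardening point rather than a demonstrated flaw. A fixed delimiter between the fields would make the input unambiguous, but it would invalidate reset tokens already issued and so needs a release note. At minimum, a comment such as `# fields are concatenated without delimiters; pk is assumed not to collide with a password prefix` would record the assumption. The method containing this expression begins outside the hunk.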
@@ -351,7 +351,7 @@ class FormfieldShouldDeleteFormTests(TestCase): def should_delete(self): """ delete form if odd PK """ - return self.instance.id % 2 != 0 + return self.instance.pk % 2 != 0 NormalFormset = modelformset_factory(User, form=CustomDeleteUserForm, can_delete=True) DeleteFormset = modelformset_factory(User, form=CustomDeleteUserForm, formset=BaseCustomDeleteModelFormSet) @@ -392,7 +392,7 @@ class FormfieldShouldDeleteFormTests(TestCase): data = dict(self.data) data['form-INITIAL_FORMS'] = 4 data.update(dict( - ('form-%d-id' % i, user.id) + ('form-%d-id' % i, user.pk) for i,user in enumerate(User.objects.all()) )) formset = self.NormalFormset(data, queryset=User.objects.all()) @@ -409,7 +409,7 @@ class FormfieldShouldDeleteFormTests(TestCase): data = dict(self.data) data['form-INITIAL_FORMS'] = 4 data.update(dict( - ('form-%d-id' % i, user.id) + ('form-%d-id' % i, user.pk) for i,user in enumerate(User.objects.all()) )) data.update(self.delete_all_ids) @@ -428,7 +428,7 @@ class FormfieldShouldDeleteFormTests(TestCase): data = dict(self.data) data['form-INITIAL_FORMS'] = 4 data.update(dict( - ('form-%d-id' % i, user.id) + ('form-%d-id' % i, user.pk) for i,user in enumerate(User.objects.all()) )) data.update(self.delete_all_ids) @@ -440,5 +440,5 @@ class FormfieldShouldDeleteFormTests(TestCase): self.assertEqual(len(User.objects.all()), 2) # verify no "odd" PKs left - odd_ids = [user.id for user in User.objects.all() if user.id % 2] + odd_ids = [user.pk for user in User.objects.all() if user.pk % 2] self.assertEqual(len(odd_ids), 0) diff --git a/tests/regressiontests/transactions_regress/tests.py b/tests/regressiontests/transactions_regress/tests.py index 66e047799e..5d1ab2c6f6 100644 --- a/tests/regressiontests/transactions_regress/tests.py +++ b/tests/regressiontests/transactions_regress/tests.py 
@@ -140,7 +140,7 @@ class TestTransactionClosing(TransactionTestCase): "Create a user in a transaction" user = User.objects.create_user(username='system', password='iamr00t', email='root@SITENAME.com') # Redundant, just makes sure the user id was read back from DB - Mod.objects.create(fld=user.id) + Mod.objects.create(fld=user.pk) # Create a user create_system_user()