From 3828427f634e1880467689e4cf0f8ffee95f0d05 Mon Sep 17 00:00:00 2001
From: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Date: Sat, 28 Nov 2020 10:20:29 +0100
Subject: [PATCH] Refs #31978 -- Fixed hint in admin's password reset
 confirmation form for custom username fields.

Thanks Jaap Roes for the report.
---
 .../registration/password_reset_confirm.html  |  2 +-
 tests/auth_tests/test_templates.py            | 28 +++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/django/contrib/admin/templates/registration/password_reset_confirm.html b/django/contrib/admin/templates/registration/password_reset_confirm.html
index b91bfb22bf..373e703416 100644
--- a/django/contrib/admin/templates/registration/password_reset_confirm.html
+++ b/django/contrib/admin/templates/registration/password_reset_confirm.html
@@ -17,7 +17,7 @@
 
 <form method="post">{% csrf_token %}
 <fieldset class="module aligned">
-    <input class="hidden" autocomplete="username" value="{{ form.user.username }}">
+    <input class="hidden" autocomplete="username" value="{{ form.user.get_username }}">
     <div class="form-row field-password1">
         {{ form.new_password1.errors }}
         <label for="id_new_password1">{% translate 'New password:' %}</label>
diff --git a/tests/auth_tests/test_templates.py b/tests/auth_tests/test_templates.py
index 1b25489493..02f39a9cbf 100644
--- a/tests/auth_tests/test_templates.py
+++ b/tests/auth_tests/test_templates.py
@@ -1,3 +1,5 @@
+from datetime import date
+
 from django.contrib.auth import authenticate
 from django.contrib.auth.models import User
 from django.contrib.auth.tokens import PasswordResetTokenGenerator
@@ -10,6 +12,7 @@ from django.urls import reverse
 from django.utils.http import urlsafe_base64_encode
 
 from .client import PasswordResetConfirmClient
+from .models import CustomUser
 
 
 @override_settings(ROOT_URLCONF='auth_tests.urls')
@@ -59,6 +62,31 @@ class AuthTemplateTests(TestCase):
             '<input class="hidden" autocomplete="username" value="jsmith">',
         )
 
+    @override_settings(AUTH_USER_MODEL='auth_tests.CustomUser')
+    def test_password_reset_confirm_view_custom_username_hint(self):
+        custom_user = CustomUser.custom_objects.create_user(
+            email='joe@example.com',
+            date_of_birth=date(1986, 11, 11),
+            first_name='Joe',
+        )
+        client = PasswordResetConfirmClient()
+        default_token_generator = PasswordResetTokenGenerator()
+        token = default_token_generator.make_token(custom_user)
+        uidb64 = urlsafe_base64_encode(str(custom_user.pk).encode())
+        url = reverse('password_reset_confirm', kwargs={'uidb64': uidb64, 'token': token})
+        response = client.get(url)
+        self.assertContains(
+            response,
+            '<title>Enter new password | Django site admin</title>',
+        )
+        self.assertContains(response, '<h1>Enter new password</h1>')
+        # The username field is added to the password reset confirmation form
+        # to help browser's password managers.
+        self.assertContains(
+            response,
+            '<input class="hidden" autocomplete="username" value="joe@example.com">',
+        )
+
     def test_password_reset_complete_view(self):
         response = PasswordResetCompleteView.as_view()(self.request)
         self.assertContains(response, '<title>Password reset complete | Django site admin</title>')