Possible bug in django.contrib.auth.forms.UserChangeForm's password field's help_text setup

Shaheed Haque

Dec 21, 2017, 9:29:56 PM
to Django developers (Contributions to Django itself)
Hi,

In Django 2.0, the help_text for the password field of django.contrib.auth.forms.UserChangeForm looks like this:

help_text=_(
            "Raw passwords are not stored, so there is no way to see this "
            "user's password, but you can change the password using "
            "<a href=\"{}\">this form</a>."
        ),

where the curly brackets are dealt with in the __init__() like this:

        self.fields['password'].help_text = self.fields['password'].help_text.format('../password/')

As far as I can see, this works just fine when the form is used as-is when logging in to the admin site. However, the hardcoded path "../password/" breaks in other contexts. In such other places, I see that doing this resolves the issue that ../password does not point to the right place:

        from ... import reverse
        self.fields['password'].help_text = self.fields['password'].help_text.format(reverse('password_change'))

I have checked, and my /usr/local/lib/python3.6/dist-packages/django/contrib/auth/urls.py does use the name implied here, so as far as I can see, it ought to be a safe fix. However, I am not familiar enough with Django to be sure of that (or indeed if this use case constitutes a bug), so am posting here for advice before opening a defect. Please advise if a defect is warranted/desired.

Thanks, Shaheed


Claude Paroz

Dec 22, 2017, 3:54:42 AM
to Django developers (Contributions to Django itself)
This looks like a reasonable improvement. Please open a ticket, and possibly a pull request. Thanks!

Claude

Shaheed Haque

Dec 22, 2017, 4:00:33 AM
to Django developers (Contributions to Django itself)

Never mind, I realised that I was confused. It turns out that the hardcoded ../password thingy relates to the addition of a matching path in django.contrib.auth.admin.UserAdmin get_urls().
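
Added example, not part of the thread and not Django's own code: it resolves the relative "../password/" link the way a browser does, against the page that renders the form, to show why it lands on the path added by UserAdmin.get_urls() in the admin and on nothing elsewhere. The route table and the non-admin URLs are constructed assumptions.

```python
import re
from urllib.parse import urljoin

# Relative href that UserChangeForm.__init__() formats into the help text.
HELP_TEXT_HREF = "../password/"

# Constructed route table. The two admin patterns model the user change view
# and the password view added by UserAdmin.get_urls(); the /accounts/ entries
# are a hypothetical site's own mount points.
ROUTES = {
    "admin_user_change": re.compile(r"^/admin/auth/user/\d+/change/$"),
    "admin_user_password": re.compile(r"^/admin/auth/user/\d+/password/$"),
    "profile_edit": re.compile(r"^/accounts/profile/edit/$"),
    "password_change": re.compile(r"^/accounts/password_change/$"),
}


def match_route(path):
    """Return the name of the route that serves `path`, or None."""
    for name, pattern in ROUTES.items():
        if pattern.match(path):
            return name
    return None


def resolve_help_link(page_path, href=HELP_TEXT_HREF):
    """Resolve the link relative to the page that displays the form."""
    target = urljoin(page_path, href)
    return target, match_route(target)


if __name__ == "__main__":
    # Constructed sample pages: the admin change view and a custom profile page.
    for page in ("/admin/auth/user/5/change/", "/accounts/profile/edit/"):
        target, route = resolve_help_link(page)
        print(f"{page} -> {target} ({route or 'no matching route'})")
```
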