Re: [Django] #36087: Password reset does not support a custom user model with a composite primary key (was: Add system check mentioning contrib.auth is not composite primary key ready)
3 views
Skip to first unread message
Django
Jan 13, 2025, 5:45:19 AM1/13/25
to django-...@googlegroups.com
#36087: Password reset does not support a custom user model with a composite
primary key
---------------------------------+---------------------------------------
Reporter: Jacob Walls | Owner: Sarah Boyce
Type: Bug | Status: assigned
Component: contrib.auth | Version: dev
Severity: Release blocker | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+---------------------------------------
Changes (by Sarah Boyce):
* owner: (none) => Sarah Boyce
* severity: Normal => Release blocker
* stage: Unreviewed => Accepted
* status: new => assigned
* summary:
Add system check mentioning contrib.auth is not composite primary key
ready
=>
Password reset does not support a custom user model with a composite
primary key
* type: Cleanup/optimization => Bug
Comment:
Good spot!
There's a chance that adding support for custom user models with
CompositePrimaryKey's might be easier than adding a system check
Something roughly like:
{{{#!diff
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -478,11 +478,12 @@ class PasswordResetForm(forms.Form):
email_field_name = UserModel.get_email_field_name()
for user in self.get_users(email):
user_email = getattr(user, email_field_name)
+ user_pk_bytes =
force_bytes(UserModel._meta.pk.value_to_string(user))
context = {
"email": user_email,
"domain": domain,
"site_name": site_name,
- "uid": urlsafe_base64_encode(force_bytes(user.pk)),
+ "uid": urlsafe_base64_encode(user_pk_bytes),
"user": user,
"token": token_generator.make_token(user),
"protocol": "https" if use_https else "http",
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index a18cfdb347..cd810a1edc 100644
--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -301,7 +301,8 @@ class PasswordResetConfirmView(PasswordContextMixin,
FormView):
try:
# urlsafe_base64_decode() decodes to bytestring
uid = urlsafe_base64_decode(uidb64).decode()
- user = UserModel._default_manager.get(pk=uid)
+ pk = UserModel._meta.pk.to_python(uid)
+ user = UserModel._default_manager.get(pk=pk)
except (
TypeError,
}}}
If it's more complex, then perhaps we add some docs or a system check as
suggested
--
Ticket URL: <https://code.djangoproject.com/ticket/36087#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
primary key
---------------------------------+---------------------------------------
Reporter: Jacob Walls | Owner: Sarah Boyce
Type: Bug | Status: assigned
Component: contrib.auth | Version: dev
Severity: Release blocker | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+---------------------------------------
Changes (by Sarah Boyce):
* owner: (none) => Sarah Boyce
* severity: Normal => Release blocker
* stage: Unreviewed => Accepted
* status: new => assigned
* summary:
Add system check mentioning contrib.auth is not composite primary key
ready
=>
Password reset does not support a custom user model with a composite
primary key
* type: Cleanup/optimization => Bug
Comment:
Good spot!
There's a chance that adding support for custom user models with
CompositePrimaryKey's might be easier than adding a system check
Something roughly like:
{{{#!diff
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -478,11 +478,12 @@ class PasswordResetForm(forms.Form):
email_field_name = UserModel.get_email_field_name()
for user in self.get_users(email):
user_email = getattr(user, email_field_name)
+ user_pk_bytes =
force_bytes(UserModel._meta.pk.value_to_string(user))
context = {
"email": user_email,
"domain": domain,
"site_name": site_name,
- "uid": urlsafe_base64_encode(force_bytes(user.pk)),
+ "uid": urlsafe_base64_encode(user_pk_bytes),
"user": user,
"token": token_generator.make_token(user),
"protocol": "https" if use_https else "http",
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index a18cfdb347..cd810a1edc 100644
--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -301,7 +301,8 @@ class PasswordResetConfirmView(PasswordContextMixin,
FormView):
try:
# urlsafe_base64_decode() decodes to bytestring
uid = urlsafe_base64_decode(uidb64).decode()
- user = UserModel._default_manager.get(pk=uid)
+ pk = UserModel._meta.pk.to_python(uid)
+ user = UserModel._default_manager.get(pk=pk)
except (
TypeError,
}}}
If it's more complex, then perhaps we add some docs or a system check as
suggested
--
Ticket URL: <https://code.djangoproject.com/ticket/36087#comment:3>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Reply all
Reply to author
Forward
0 new messages