[Django] #26599: Django Passsword Change Form giving wrong POST value for Old Password of Admin

2 views
Skip to first unread message

Django

unread,
May 9, 2016, 6:01:45 AM5/9/16
to django-...@googlegroups.com
#26599: Django Passsword Change Form giving wrong POST value for Old Password of
Admin
---------------------------------+----------------------------------------
Reporter: shikha-desai | Owner: nobody
Type: Bug | Status: new
Component: Template system | Version: 1.8
Severity: Normal | Keywords: Admin:Password Change Form
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
---------------------------------+----------------------------------------
I have created a link to the Password Change Form using :

<a href="{% url 'admin:password_change' %}">{% trans 'Change password'
%}</a>

The problem is : It works for all web users, but if I login as admin and
then change the password, say if the original password is:'admin'...Now I
change it to '1234', it works and I can login again.

But when I again go to change_password and try to change from '1234' to
something else, it gives 'Incorrect Old Password'.

On debugging, I found that the POST request received has the old_password
field value as 'admin' while I have typed '1234'.

When I tried to add another field on the html page and updated the
old_password section as below:
{{{
<div class="form-group">
<div class="control-label col-sm-2">
{{ form.old_password.label_tag }}
</div>
<div class="controls col-sm-10">
{% dab_field_rendering form.old_password %}
{{ form.old_password }}
{% if form.old_password.errors %}<span class="text-danger">{{
form.old_password.errors|striptags }}</span>{% endif %}
</div>
</div>
}}}

It works perfectly fine and receives the correct request, but I can't ask
user to enter the old password two times. There seems to be a problem with
the code of change password.

--
Ticket URL: <https://code.djangoproject.com/ticket/26599>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
May 9, 2016, 6:53:39 AM5/9/16
to django-...@googlegroups.com
#26599: Django Passsword Change Form giving wrong POST value for Old Password of
Admin
-------------------------------------+-------------------------------------
Reporter: shikha-desai | Owner: nobody
Type: Bug | Status: closed

Component: Template system | Version: 1.8
Severity: Normal | Resolution:
| worksforme
Keywords: Admin:Password | Triage Stage:
Change Form | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by timgraham):

* status: new => closed
* needs_better_patch: => 0
* resolution: => worksforme
* needs_tests: => 0
* needs_docs: => 0


Comment:

Please provide a test case for Django's test suite that demonstrates the
problem (see the existing tests in `tests/auth_tests/test_views.py`) or
very specific steps with the exact URLs and inputs for each step. Also be
sure to disable any third-party apps to rule out a bug there.

--
Ticket URL: <https://code.djangoproject.com/ticket/26599#comment:1>

Reply all
Reply to author
Forward
0 new messages