[Django] #32235: Set disabled prop on ReadOnlyPasswordHashField
Django
------------------------------------------------+------------------------
Reporter: Jaap Roes | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 1
UI/UX: 0 |
------------------------------------------------+------------------------
Currently the `django.contrib.auth.forms.UserChangeForm` defines a
`clean_password` method that returns the initial password value to prevent
(accidental) changes to the password value. It is also documented that
custom forms for the User model need to define this method:
https://docs.djangoproject.com/en/3.1/topics/auth/customizing/#a-full-
example
A while ago the `forms.Field` base class gained the
[https://docs.djangoproject.com/en/stable/ref/forms/fields/#disabled
disabled] argument to:
> [disable] a form field using the disabled HTML attribute so that it
won’t be editable by users. Even if a user tampers with the field’s value
submitted to the server, it will be ignored in favor of the value from the
form’s initial data.
It seems to me that this property could be set to `True` be default on the
`ReadOnlyPasswordHashField` used to display the password hash. This way
the `clean_password` is no longer necessary and the potential pitfall when
using the `ReadOnlyPasswordHashField` without implementing
`clean_password` is removed.
--
Ticket URL: <https://code.djangoproject.com/ticket/32235>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: Jaap Roes | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: contrib.auth | Version: master
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Mariusz Felisiak):
* stage: Unreviewed => Accepted
Comment:
Sounds good. Would you like to provide a patch?
--
Ticket URL: <https://code.djangoproject.com/ticket/32235#comment:1>
Django
Reporter: Jaap Roes | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: contrib.auth | Version: master
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Comment (by Jaap Roes):
Replying to [comment:1 Mariusz Felisiak]:
> Sounds good. Would you like to provide a patch?
I don't have the time to do a proper patch (with doc changes and
additional tests). But I marked it as "Easy pickings" to entice others
that are trying to get into contribution to Django ;-)
--
Ticket URL: <https://code.djangoproject.com/ticket/32235#comment:2>
Django
Reporter: Jaap Roes | Owner: Timo
Type: | Ludwig
Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Timo Ludwig):
* owner: nobody => Timo Ludwig
* status: new => assigned
Comment:
I'd like to work on this as my first contribution to Django :)
I will provide a patch as soon as possible.
--
Ticket URL: <https://code.djangoproject.com/ticket/32235#comment:3>
Django
Reporter: Jaap Roes | Owner: Timo
Type: | Ludwig
Cleanup/optimization | Status: assigned
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Timo Ludwig):
* has_patch: 0 => 1
Comment:
[https://github.com/django/django/pull/13741 PR]
--
Ticket URL: <https://code.djangoproject.com/ticket/32235#comment:4>
Django
Reporter: Jaap Roes | Owner: Timo
Type: | Ludwig
Cleanup/optimization | Status: assigned
Severity: Normal | Resolution:
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Mariusz Felisiak):
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/32235#comment:5>
Django
Reporter: Jaap Roes | Owner: Timo
Type: | Ludwig
Component: contrib.auth | Version: master
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
Changes (by Mariusz Felisiak <felisiak.mariusz@…>):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"d8dfff2ab0edf7a1ca5255eccf45c447b2f9d57e" d8dfff2]:
{{{
#!CommitTicketReference repository=""
revision="d8dfff2ab0edf7a1ca5255eccf45c447b2f9d57e"
Fixed #32235 -- Made ReadOnlyPasswordHashField disabled by default.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/32235#comment:6>