[Django] #32198: Passwords of users created in admin user interface possibly not hashed?

13 views
Skip to first unread message

Django

unread,
Nov 15, 2020, 6:48:11 AM11/15/20
to django-...@googlegroups.com
#32198: Passwords of users created in admin user interface possibly not hashed?
-----------------------------------------+------------------------
Reporter: jrdjango | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 3.0
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+------------------------
After I created a new user using http://127.0.0.1:8000/admin/users, I see
the plain password of the newly created user in the django admin user
interface.

When I try to log this user in, user = authenticate(request,...) returns
None.

When I create a superuser from the console and go to
http://127.0.0.1:8000/admin/users, I see in the admin user interface that
the superuser's password is hashed.

When I log the superuser in, I don't have any problems.

(I'm new to django, so in case this is nonsense, I beg your pardon.)

--
Ticket URL: <https://code.djangoproject.com/ticket/32198>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Nov 15, 2020, 6:49:30 AM11/15/20
to django-...@googlegroups.com
#32198: Passwords of users created in admin user interface possibly not hashed?
-------------------------------+--------------------------------------

Reporter: jrdjango | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 3.0
Severity: Normal | Resolution:

Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by jrdjango):

* Attachment "password_not_hashed.png" added.

plain password displayed

Django

unread,
Nov 15, 2020, 6:49:52 AM11/15/20
to django-...@googlegroups.com
#32198: Passwords of users created in admin user interface possibly not hashed?
-------------------------------+--------------------------------------

Reporter: jrdjango | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 3.0
Severity: Normal | Resolution:

Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by jrdjango):

* Attachment "password_hashed.png" added.

hashed password displayed

Django

unread,
Nov 15, 2020, 2:38:57 PM11/15/20
to django-...@googlegroups.com
#32198: Passwords of users created in admin user interface possibly not hashed?
-------------------------------+--------------------------------------
Reporter: jrdjango | Owner: nobody
Type: Uncategorized | Status: closed
Component: contrib.admin | Version: 3.0
Severity: Normal | Resolution: invalid

Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by Mariusz Felisiak):

* status: new => closed
* resolution: => invalid
* component: Uncategorized => contrib.admin


Comment:

There is an issue in your app not in Django itself. Please don't use Trac
as a support channel. Closing per TicketClosingReasons/UseSupportChannels.

--
Ticket URL: <https://code.djangoproject.com/ticket/32198#comment:1>

Reply all
Reply to author
Forward
0 new messages