[Django] #27840: Password reset: `post_reset_login` throws KeyError if user already logged in

Django

Feb 14, 2017, 5:16:22 PM
to django-...@googlegroups.com
#27840: Password reset: `post_reset_login` throws KeyError if user already logged
in
-------------------------------------------+------------------------
Reporter: Quentin Marlats | Owner: nobody
Type: Bug | Status: new
Component: contrib.auth | Version: 1.11
Severity: Normal | Keywords: auth
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------------+------------------------
When the option `post_reset_login` of `PasswordResetConfirmView` is set to
`True`, it throws `KeyError` when the user is already logged in. I think
you should check if the user is not already logged in before logging him
in to avoid this error.

--
Ticket URL: <https://code.djangoproject.com/ticket/27840>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Feb 14, 2017, 5:32:10 PM
to django-...@googlegroups.com
#27840: Password reset: `post_reset_login` throws KeyError if user already logged
in
-------------------------------------+-------------------------------------
Reporter: Quentin Marlats | Owner: Markus
| Holtermann
Type: Bug | Status: assigned
Component: contrib.auth | Version: 1.11
Severity: Release blocker | Resolution:
Keywords: auth | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Markus Holtermann):

* owner: nobody => Markus Holtermann
* status: new => assigned
* severity: Normal => Release blocker
* stage: Unreviewed => Accepted


Comment:

{{{#!python
Traceback (most recent call last):
File "/usr/lib64/python3.5/unittest/case.py", line 58, in
testPartExecutor
yield
File "/usr/lib64/python3.5/unittest/case.py", line 600, in run
testMethod()
File "/home/markus/Coding/django/tests/auth_tests/test_views.py", line
338, in test_confirm_login_post_reset
response = self.client.post(path, {'new_password1': 'anewpassword',
'new_password2': 'anewpassword'})
File "/home/markus/Coding/django/tests/auth_tests/client.py", line 41,
in post
return super(PasswordResetConfirmClient, self).post(redirect_url,
*args, **kwargs)
File "/home/markus/Coding/django/django/test/client.py", line 548, in
post
secure=secure, **extra)
File "/home/markus/Coding/django/django/test/client.py", line 350, in
post
secure=secure, **extra)
File "/home/markus/Coding/django/django/test/client.py", line 416, in
generic
return self.request(**r)
File "/home/markus/Coding/django/django/test/client.py", line 501, in
request
six.reraise(*exc_info)
File "/home/markus/Coding/django/django/utils/six.py", line 686, in
reraise
raise value
File "/home/markus/Coding/django/django/core/handlers/exception.py",
line 41, in inner
response = get_response(request)
File "/home/markus/Coding/django/django/core/handlers/base.py", line
187, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/home/markus/Coding/django/django/core/handlers/base.py", line
185, in _get_response
response = wrapped_callback(request, *callback_args,
**callback_kwargs)
File "/home/markus/Coding/django/django/views/generic/base.py", line 68,
in view
return self.dispatch(request, *args, **kwargs)
File "/home/markus/Coding/django/django/utils/decorators.py", line 67,
in _wrapper
return bound_func(*args, **kwargs)
File "/home/markus/Coding/django/django/views/decorators/debug.py", line
76, in sensitive_post_parameters_wrapper
return view(request, *args, **kwargs)
File "/home/markus/Coding/django/django/utils/decorators.py", line 63,
in bound_func
return func.__get__(self, type(self))(*args2, **kwargs2)
File "/home/markus/Coding/django/django/utils/decorators.py", line 67,
in _wrapper
return bound_func(*args, **kwargs)
File "/home/markus/Coding/django/django/views/decorators/cache.py", line
57, in _wrapped_view_func
response = view_func(request, *args, **kwargs)
File "/home/markus/Coding/django/django/utils/decorators.py", line 63,
in bound_func
return func.__get__(self, type(self))(*args2, **kwargs2)
File "/home/markus/Coding/django/django/contrib/auth/views.py", line
465, in dispatch
return super(PasswordResetConfirmView, self).dispatch(*args, **kwargs)
File "/home/markus/Coding/django/django/views/generic/base.py", line 88,
in dispatch
return handler(request, *args, **kwargs)
File "/home/markus/Coding/django/django/views/generic/edit.py", line
183, in post
return self.form_valid(form)
File "/home/markus/Coding/django/django/contrib/auth/views.py", line
497, in form_valid
del self.request.session[INTERNAL_RESET_SESSION_TOKEN]
File
"/home/markus/Coding/django/django/contrib/sessions/backends/base.py",
line 64, in __delitem__
del self._session[key]
KeyError: '_password_reset_token'
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/27840#comment:1>

Django

Feb 14, 2017, 5:40:15 PM
to django-...@googlegroups.com
#27840: Password reset: `post_reset_login` throws KeyError if user already logged
in
-------------------------------------+-------------------------------------
Reporter: Quentin Marlats | Owner: Markus
| Holtermann
Type: Bug | Status: assigned
Component: contrib.auth | Version: 1.11
Severity: Release blocker | Resolution:
Keywords: auth | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Markus Holtermann):

* has_patch: 0 => 1


Comment:

PR: https://github.com/django/django/pull/8062

--
Ticket URL: <https://code.djangoproject.com/ticket/27840#comment:2>

Django

Feb 14, 2017, 6:05:35 PM
to django-...@googlegroups.com
#27840: Password reset: `post_reset_login` throws KeyError if user already logged
in
-------------------------------------+-------------------------------------
Reporter: Quentin Marlats | Owner: Markus
| Holtermann
Type: Bug | Status: assigned
Component: contrib.auth | Version: 1.11
Severity: Release blocker | Resolution:
Keywords: auth | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Tim Graham):

* stage: Accepted => Ready for checkin


--
Ticket URL: <https://code.djangoproject.com/ticket/27840#comment:3>

Django

Feb 14, 2017, 6:36:52 PM
to django-...@googlegroups.com
#27840: Password reset: `post_reset_login` throws KeyError if user already logged
in
-------------------------------------+-------------------------------------
Reporter: Quentin Marlats | Owner: Markus
| Holtermann
Type: Bug | Status: closed
Component: contrib.auth | Version: 1.11
Severity: Release blocker | Resolution: fixed
Keywords: auth | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Markus Holtermann <info@…>):

* status: assigned => closed
* resolution: => fixed


Comment:

In [changeset:"b9b35f9efabc19f6c58f2d5962a9e6d8dc53a786" b9b35f9e]:
{{{
#!CommitTicketReference repository=""
revision="b9b35f9efabc19f6c58f2d5962a9e6d8dc53a786"
Fixed #27840 -- Fixed KeyError in PasswordResetConfirmView.form_valid().

When a user is already logged in when submitting the password and
password confirmation to reset a password, a KeyError occurred while
removing the reset session token from the session.

Refs #17209

Thanks Quentin Marlats for the report and Florian Apolloner and Tim
Graham for the review.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/27840#comment:4>

Django

Feb 14, 2017, 6:40:00 PM
to django-...@googlegroups.com
#27840: Password reset: `post_reset_login` throws KeyError if user already logged
in
-------------------------------------+-------------------------------------
Reporter: Quentin Marlats | Owner: Markus
| Holtermann
Type: Bug | Status: closed
Component: contrib.auth | Version: 1.11
Severity: Release blocker | Resolution: fixed
Keywords: auth | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Markus Holtermann <info@…>):

In [changeset:"f5ff5be2c11613e611f53ba4d6b194675811cbad" f5ff5be2]:
{{{
#!CommitTicketReference repository=""
revision="f5ff5be2c11613e611f53ba4d6b194675811cbad"
[1.11.x] Fixed #27840 -- Fixed KeyError in
PasswordResetConfirmView.form_valid().

When a user is already logged in when submitting the password and
password confirmation to reset a password, a KeyError occurred while
removing the reset session token from the session.

Refs #17209

Thanks Quentin Marlats for the report and Florian Apolloner and Tim
Graham for the review.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/27840#comment:5>
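
Added example, not part of the ticket thread and not Django's code: a simplified Python model of the failure shown in the traceback. It assumes that `form_valid()` logs the user in before deleting `_password_reset_token`, and it models the rule in `django.contrib.auth.login()` that an already-authenticated session whose user id or auth hash differs is replaced with an empty one; `form_valid_token_first` and `run` are hypothetical names, and the reordering is one way to avoid the error, not a copy of the committed patch.

```python
# Simplified model (constructed for illustration, not Django's code) of the
# session handling involved in ticket #27840.
import hmac

SESSION_KEY = "_auth_user_id"
HASH_SESSION_KEY = "_auth_user_hash"
INTERNAL_RESET_SESSION_TOKEN = "_password_reset_token"


def login(session, user_id, auth_hash):
    """Mimic the rule in django.contrib.auth.login(): if the session already
    belongs to an authenticated user and the user id or auth hash differs,
    start from an empty session instead of reusing it."""
    if SESSION_KEY in session:
        same_user = session[SESSION_KEY] == user_id
        same_hash = hmac.compare_digest(session.get(HASH_SESSION_KEY, ""), auth_hash)
        if not (same_user and same_hash):
            session.clear()  # stands in for session.flush()
    session[SESSION_KEY] = user_id
    session[HASH_SESSION_KEY] = auth_hash


def form_valid_login_first(session, user_id, new_hash):
    """Assumed pre-fix order: log in, then delete the reset token."""
    login(session, user_id, new_hash)
    del session[INTERNAL_RESET_SESSION_TOKEN]


def form_valid_token_first(session, user_id, new_hash):
    """Hypothetical reordering: drop the token before the session can be flushed."""
    del session[INTERNAL_RESET_SESSION_TOKEN]
    login(session, user_id, new_hash)


def run(handler, already_logged_in):
    """Return the resulting session, or the KeyError the handler raised."""
    # Constructed sample session; the token value is a placeholder.
    session = {INTERNAL_RESET_SESSION_TOKEN: "constructed-token"}
    if already_logged_in:
        session.update({SESSION_KEY: "42", HASH_SESSION_KEY: "hash-of-old-password"})
    try:
        # The password has just changed, so the auth hash differs from the old one.
        handler(session, "42", "hash-of-new-password")
    except KeyError as exc:
        return exc
    return session
```

The flush is the security-relevant part: it keeps one user's session data from carrying over into another login, so the token removal has to happen before it or tolerate the key being gone.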
