[1.8.x] Fixed #24334 -- Allowed admin password reset to work with non-digit custom user model primary key.

Thanks Loic for help and Simon for review. Backport of fdf20093e0 from master
2025-10-31 09:41:08 +00:00 · 2015-02-12 12:14:19 -05:00
parent bd80fa6b0f
commit 8fc4840289
3 changed files with 67 additions and 3 deletions
--- a/tests/auth_tests/test_views.py
+++ b/tests/auth_tests/test_views.py
@@ -18,6 +18,7 @@ from django.contrib.sessions.middleware import SessionMiddleware
 from django.contrib.sites.requests import RequestSite
 from django.core import mail
 from django.core.urlresolvers import NoReverseMatch, reverse, reverse_lazy
+from django.db import connection
 from django.http import HttpRequest, QueryDict
 from django.middleware.csrf import CsrfViewMiddleware
 from django.test import (
@@ -30,6 +31,7 @@ from django.utils.http import urlquote
 from django.utils.six.moves.urllib.parse import ParseResult, urlparse
 from django.utils.translation import LANGUAGE_SESSION_KEY

+from .models import UUIDUser
 from .settings import AUTH_TEMPLATES


@@ -892,3 +894,38 @@ class ChangelistTests(AuthViewsTestCase):
        self.assertEqual(row.user_id, self.admin.pk)
        self.assertEqual(row.object_id, str(u.pk))
        self.assertEqual(row.change_message, 'Changed password.')
+
+    def test_password_change_bad_url(self):
+        response = self.client.get(reverse('auth_test_admin:auth_user_password_change', args=('foobar',)))
+        self.assertEqual(response.status_code, 404)
+
+
+@override_settings(
+    AUTH_USER_MODEL='auth.UUIDUser',
+    ROOT_URLCONF='auth_tests.urls_custom_user_admin',
+)
+class UUIDUserTests(TestCase):
+
+    def test_admin_password_change(self):
+        u = UUIDUser.objects.create_superuser(username='uuid', email='foo@bar.com', password='test')
+        self.assertTrue(self.client.login(username='uuid', password='test'))
+
+        user_change_url = reverse('custom_user_admin:auth_uuiduser_change', args=(u.pk,))
+        response = self.client.get(user_change_url)
+        self.assertEqual(response.status_code, 200)
+
+        password_change_url = reverse('custom_user_admin:auth_user_password_change', args=(u.pk,))
+        response = self.client.get(password_change_url)
+        self.assertEqual(response.status_code, 200)
+
+        # A LogEntry is created with pk=1 which breaks a FK constraint on MySQL
+        with connection.constraint_checks_disabled():
+            response = self.client.post(password_change_url, {
+                'password1': 'password1',
+                'password2': 'password1',
+            })
+        self.assertRedirects(response, user_change_url)
+        row = LogEntry.objects.latest('id')
+        self.assertEqual(row.user_id, 1)  # harcoded in CustomUserAdmin.log_change()
+        self.assertEqual(row.object_id, str(u.pk))
+        self.assertEqual(row.change_message, 'Changed password.')
--- a/tests/auth_tests/urls_custom_user_admin.py
+++ b/tests/auth_tests/urls_custom_user_admin.py
@@ -0,0 +1,21 @@
+from django.conf.urls import include, url
+from django.contrib import admin
+from django.contrib.auth import get_user_model
+from django.contrib.auth.admin import UserAdmin
+from django.contrib.auth.urls import urlpatterns
+
+site = admin.AdminSite(name='custom_user_admin')
+
+
+class CustomUserAdmin(UserAdmin):
+    def log_change(self, request, object, message):
+        # LogEntry.user column doesn't get altered to expect a UUID, so set an
+        # integer manually to avoid causing an error.
+        request.user.pk = 1
+        super(CustomUserAdmin, self).log_change(request, object, message)
+
+site.register(get_user_model(), CustomUserAdmin)
+
+urlpatterns += [
+    url(r'^admin/', include(site.urls)),
+]