Loading django/contrib/auth/forms.py +6 −3 Original line number Diff line number Diff line Loading @@ -52,9 +52,6 @@ class ReadOnlyPasswordHashField(forms.Field): kwargs.setdefault("required", False) super(ReadOnlyPasswordHashField, self).__init__(*args, **kwargs) def clean_password(self): return self.initial class UserCreationForm(forms.ModelForm): """ Loading Loading @@ -130,6 +127,12 @@ class UserChangeForm(forms.ModelForm): if f is not None: f.queryset = f.queryset.select_related('content_type') def clean_password(self): # Regardless of what the user provides, return the initial value. # This is done here, rather than on the field, because the # field does not have access to the initial value return self.initial["password"] class AuthenticationForm(forms.Form): """ Loading django/contrib/auth/tests/forms.py +17 −0 Original line number Diff line number Diff line Loading @@ -265,6 +265,23 @@ class UserChangeFormTest(TestCase): self.assertIn(_("Invalid password format or unknown hashing algorithm."), form.as_table()) def test_bug_19133(self): "The change form does not return the password value" # Use the form to construct the POST data user = User.objects.get(username='testclient') form_for_data = UserChangeForm(instance=user) post_data = form_for_data.initial # The password field should be readonly, so anything # posted here should be ignored; the form will be # valid, and give back the 'initial' value for the # password field. post_data['password'] = 'new password' form = UserChangeForm(instance=user, data=post_data) self.assertTrue(form.is_valid()) self.assertEqual(form.cleaned_data['password'], 'sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161') @skipIfCustomUser @override_settings(USE_TZ=False, PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',)) Loading Loading
django/contrib/auth/forms.py +6 −3 Original line number Diff line number Diff line Loading @@ -52,9 +52,6 @@ class ReadOnlyPasswordHashField(forms.Field): kwargs.setdefault("required", False) super(ReadOnlyPasswordHashField, self).__init__(*args, **kwargs) def clean_password(self): return self.initial class UserCreationForm(forms.ModelForm): """ Loading Loading @@ -130,6 +127,12 @@ class UserChangeForm(forms.ModelForm): if f is not None: f.queryset = f.queryset.select_related('content_type') def clean_password(self): # Regardless of what the user provides, return the initial value. # This is done here, rather than on the field, because the # field does not have access to the initial value return self.initial["password"] class AuthenticationForm(forms.Form): """ Loading
django/contrib/auth/tests/forms.py +17 −0 Original line number Diff line number Diff line Loading @@ -265,6 +265,23 @@ class UserChangeFormTest(TestCase): self.assertIn(_("Invalid password format or unknown hashing algorithm."), form.as_table()) def test_bug_19133(self): "The change form does not return the password value" # Use the form to construct the POST data user = User.objects.get(username='testclient') form_for_data = UserChangeForm(instance=user) post_data = form_for_data.initial # The password field should be readonly, so anything # posted here should be ignored; the form will be # valid, and give back the 'initial' value for the # password field. post_data['password'] = 'new password' form = UserChangeForm(instance=user, data=post_data) self.assertTrue(form.is_valid()) self.assertEqual(form.cleaned_data['password'], 'sha1$6efc0$f93efe9fd7542f25a7be94871ea45aa95de57161') @skipIfCustomUser @override_settings(USE_TZ=False, PASSWORD_HASHERS=('django.contrib.auth.hashers.SHA1PasswordHasher',)) Loading
