#30952: KeyError: '_password_reset_token' during password reset. ------------------------------+-------------------------------------- Reporter: defigor | Owner: nobody Type: Bug | Status: closed Component: contrib.auth | Version: 2.1 Severity: Normal | Resolution: needsinfo Keywords: | Triage Stage: Unreviewed Has patch: 0 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 ------------------------------+-------------------------------------- Changes (by Carlton Gibson):
* status: new => closed * resolution: => needsinfo Comment: Hi Peter. Can I ask you to add an explicit example here? > When PasswordResetConfirmView saves the user object with the new password, our post_save receiver runs. > The post_save receiver accesses request.user. So I provide a receiver for `post_save` with the `User` model. This gets called with `User` and the `instance` (and ...) but how are you getting the request in there? Let's work on the reproduce first but: > I think the simplest solution is to explicitly log out the user when he accesses a password reset link. I'd need to think about it fully but, if the user is logged in would it not make sense to ensure that the user matches that for the reset token? (In so doing access `request.user` before processing the reset token.) -- Ticket URL: <https://code.djangoproject.com/ticket/30952#comment:7> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/065.54ca6ca9aac3fc0710fc2a1acb24d119%40djangoproject.com.