#30952: KeyError: '_password_reset_token' during password reset. ------------------------------+-------------------------------------- Reporter: defigor | Owner: nobody Type: Bug | Status: new Component: contrib.auth | Version: 3.1 Severity: Normal | Resolution: Keywords: | Triage Stage: Unreviewed Has patch: 0 | Needs documentation: 0 Needs tests: 0 | Patch needs improvement: 0 Easy pickings: 0 | UI/UX: 0 ------------------------------+-------------------------------------- Changes (by Mark Gregson):
* status: closed => new * version: 2.1 => 3.1 * resolution: needsinfo => Comment: Hi Carlton With further digging, I found that my project had a similar pattern to Peter's and the session was being flushed for the same reason. I have now produced a simple example that reproduces the error on a fresh 2.2.16 or 3.1.2 Django project. The example reflects the use case in my project, ie, resolving of `request.user` while logging the password change. The crux is that `request.user` is resolved for the 1st time after the password change and before the token is deleted from session. {{{ #!div style="font-size: 80%" {{{#!python class CustomSetPasswordForm(auth_forms.SetPasswordForm): def __init__(self, *args, request=None, **kwargs): super().__init__(*args, **kwargs) self.request = request def save(self, commit=True): user = super().save(commit) if not self.request.user.is_anonymous: # resolves self.request.user for the 1st time logger.info( "%s password changed by %s %s", user, self.request.user.email, self.request.META.get("REMOTE_ADDR"), ) return user class PasswordResetConfirmView(auth_views.PasswordResetConfirmView): form_class = CustomSetPasswordForm def get_form_kwargs(self): kwargs = super().get_form_kwargs() kwargs["request"] = self.request return kwargs }}} }}} There are simple solutions for the above case but it's a subtle problem that is hard to pin down so perhaps we should seek to avoid others falling into the same trap. Perhaps the view could catch the `KeyError` and reraise with a message that would guide dev's straight to the solution. -- Ticket URL: <https://code.djangoproject.com/ticket/30952#comment:8> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/065.f9399db198a91bea041e7465ba68d834%40djangoproject.com.