#30952: KeyError: '_password_reset_token' during password reset.
------------------------------+--------------------------------------
     Reporter:  defigor       |                    Owner:  nobody
         Type:  Bug           |                   Status:  new
    Component:  contrib.auth  |                  Version:  3.1
     Severity:  Normal        |               Resolution:
     Keywords:                |             Triage Stage:  Unreviewed
    Has patch:  0             |      Needs documentation:  0
  Needs tests:  0             |  Patch needs improvement:  0
Easy pickings:  0             |                    UI/UX:  0
------------------------------+--------------------------------------
Changes (by Mark Gregson):

 * status:  closed => new
 * version:  2.1 => 3.1
 * resolution:  needsinfo =>


Comment:

 Hi Carlton

 With further digging, I found that my project had a similar pattern to
 Peter's and the session was being flushed for the same reason.  I have now
 produced a simple example that reproduces the error on a fresh 2.2.16 or
 3.1.2 Django project. The example reflects the use case in my project, i.e.,
 resolving of `request.user` while logging the password change.  The crux
 is that `request.user` is resolved for the 1st time after the password
 change and before the token is deleted from session.
 {{{
 #!div style="font-size: 80%"
   {{{#!python
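 import logging

 from django.contrib.auth import forms as auth_forms
 from django.contrib.auth import views as auth_views

 logger = logging.getLogger(__name__)


 class CustomSetPasswordForm(auth_forms.SetPasswordForm):

     def __init__(self, *args, request=None, **kwargs):
         super().__init__(*args, **kwargs)
         self.request = request

     def save(self, commit=True):
         user = super().save(commit)
         # resolves self.request.user for the 1st time
         if not self.request.user.is_anonymous: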
             logger.info(
                 "%s password changed by %s %s",
                 user,
                 self.request.user.email,
                 self.request.META.get("REMOTE_ADDR"),
             )
         return user


 class PasswordResetConfirmView(auth_views.PasswordResetConfirmView):
     form_class = CustomSetPasswordForm

     def get_form_kwargs(self):
         kwargs = super().get_form_kwargs()
         kwargs["request"] = self.request
         return kwargs
   }}}
 }}}

 There are simple solutions for the above case but it's a subtle problem
 that is hard to pin down so perhaps we should seek to avoid others falling
 into the same trap. Perhaps the view could catch the `KeyError` and
 reraise with a message that would guide devs straight to the solution.

-- 
Ticket URL: <https://code.djangoproject.com/ticket/30952#comment:8>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
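
A simplified model of the ordering problem described in the comment above, added here as an illustration; it is not code from the ticket or from Django. `User`, `Request`, `reset_password` and the `resolve_user_first` flag are hypothetical stand-ins, and the model assumes the flush is triggered because the hash stored in the session no longer matches the user's password-derived hash once the password has changed.

```python
import hashlib

RESET_TOKEN_KEY = "_password_reset_token"  # session key named in the ticket title
HASH_KEY = "_auth_user_hash"  # assumed name for the stored session auth hash


class User:
    def __init__(self, email, password):
        self.email, self.password = email, password

    def session_auth_hash(self):
        # Stand-in for a hash that changes whenever the password changes.
        return hashlib.sha256(self.password.encode()).hexdigest()


class Request:
    """Hypothetical logged-in request whose .user is resolved on first access."""

    def __init__(self, user):
        self.db_user = user
        self.session = {HASH_KEY: user.session_auth_hash(),
                        RESET_TOKEN_KEY: "constructed-token"}
        self._resolved, self._user = False, None

    @property
    def user(self):
        if not self._resolved:
            self._resolved = True
            if self.session.get(HASH_KEY) == self.db_user.session_auth_hash():
                self._user = self.db_user
            else:
                self.session.clear()  # stale hash: flush session, stay anonymous
        return self._user


def reset_password(request, new_password, resolve_user_first):
    """Return (outcome, actor_email) for one ordering of the three steps."""
    actor = request.user if resolve_user_first else None  # before the change
    request.db_user.password = new_password  # the form's save()
    if not resolve_user_first:
        actor = request.user  # ticket's order: first access after save()
    try:
        del request.session[RESET_TOKEN_KEY]  # the view's token cleanup
    except KeyError:
        return "KeyError", None
    return "ok", actor.email if actor else None
```

Resolving the acting user before the password is saved keeps both the audit log entry and the token cleanup intact; resolving it afterwards loses the actor and the token together.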
