Re: [Django] #34379: Invalid regex pattern for password reset token in 4.2b1

2023-03-02 Thread Django 
#34379: Invalid regex pattern for password reset token in 4.2b1
-+-
 Reporter:  Dmitriy Sintsov  |Owner:  nobody
 Type:  Bug  |   Status:  closed
Component:  contrib.auth |  Version:  4.2
 Severity:  Normal   |   Resolution:  invalid
 Keywords:  password reset   | Triage Stage:
  token auth admin   |  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  1|UI/UX:  0
-+-
Changes (by Mariusz Felisiak):

 * status:  new => closed
 * resolution:   => invalid


Comment:

 Thanks for this report, however I don't see such regex anywhere in Django.
 This seems to be an issue in your code.

-- 
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/01070186a2228c48-5cef978d-15a7-4185-a9fd-38af932db4c4-00%40eu-central-1.amazonses.com.

Re: [Django] #34379: Invalid regex pattern for password reset token in 4.2b1

2023-03-02 Thread Django 
#34379: Invalid regex pattern for password reset token in 4.2b1
-+-
 Reporter:  Dmitriy Sintsov  |Owner:  nobody
 Type:  Bug  |   Status:  new
Component:  contrib.auth |  Version:  4.2
 Severity:  Normal   |   Resolution:
 Keywords:  password reset   | Triage Stage:
  token auth admin   |  Unreviewed
Has patch:  0|  Needs documentation:  0
  Needs tests:  0|  Patch needs improvement:  0
Easy pickings:  1|UI/UX:  0
-+-
Description changed by Dmitriy Sintsov:

Old description:

> Probably the second part of token (32 chars) is too long for {1,20}
> regex:
>
> NoReverseMatch at /password-reset/
> Reverse for 'password_reset_confirm' with keyword arguments '{'uidb64':
> 'MQ', 'token': 'bkfl1u-973ffa0db26e9754b6591f45ce331fd6'}' not found. 1
> pattern(s) tried: ['reset/(?P[0-9A-Za-z_\\-]+)/(?P[0-9A-
> Za-z]{1,13}-[0-9A-Za-z]{1,20})/$']
> Request Method: POST
> Request URL:http://127.0.0.1:8000/password-reset/
> Django Version: 4.2b1
> Exception Type: NoReverseMatch
> Exception Value:
> Reverse for 'password_reset_confirm' with keyword arguments '{'uidb64':
> 'MQ', 'token': 'bkfl1u-973ffa0db26e9754b6591f45ce331fd6'}' not found. 1
> pattern(s) tried: ['reset/(?P[0-9A-Za-z_\\-]+)/(?P[0-9A-
> Za-z]{1,13}-[0-9A-Za-z]{1,20})/$']
> Exception Location: /home/user/work/ispdevenv/lib/python3.10/site-
> packages/django/urls/resolvers.py, line 828, in _reverse_with_prefix
>
> Error during template rendering
> In template /home/user/work/ispdevenv/lib/python3.10/site-
> packages/django/contrib/admin/templates/registration/password_reset_email.html,
> error at line 6
>
> Reverse for 'password_reset_confirm' with keyword arguments '{'uidb64':
> 'MQ', 'token': 'bkfl1u-973ffa0db26e9754b6591f45ce331fd6'}' not found. 1
> pattern(s) tried: ['reset/(?P[0-9A-Za-z_\\-]+)/(?P[0-9A-
> Za-z]{1,13}-[0-9A-Za-z]{1,20})/$']
> 1   {% load i18n %}{% autoescape off %}
> 2   {% blocktranslate %}You're receiving this email because you
> requested a password reset for your user account at {{ site_name }}.{%
> endblocktranslate %}
> 3
> 4   {% translate "Please go to the following page and choose a new
> password:" %}
> 5   {% block reset_link %}
> 6   {{ protocol }}://{{ domain }}{% url 'password_reset_confirm'
> uidb64=uid token=token %}
> 7   {% endblock %}
> 8   {% translate 'Your username, in case you’ve forgotten:' %} {{
> user.get_username }}
> 9
> 10  {% translate "Thanks for using our site!" %}
> 11
> 12  {% blocktranslate %}The {{ site_name }} team{% endblocktranslate
> %}
> 13
> 14  {% endautoescape %}
> 15

New description:

 Probably the second part of token (32 chars) is too long for {1,20} regex:

 {{{
 NoReverseMatch at /password-reset/
 Reverse for 'password_reset_confirm' with keyword arguments '{'uidb64':
 'MQ', 'token': 'bkfl1u-973ffa0db26e9754b6591f45ce331fd6'}' not found. 1
 pattern(s) tried: ['reset/(?P[0-9A-Za-z_\\-]+)/(?P[0-9A-
 Za-z]{1,13}-[0-9A-Za-z]{1,20})/$']
 Request Method: POST
 Request URL:http://127.0.0.1:8000/password-reset/
 Django Version: 4.2b1
 Exception Type: NoReverseMatch
 Exception Value:
 Reverse for 'password_reset_confirm' with keyword arguments '{'uidb64':
 'MQ', 'token': 'bkfl1u-973ffa0db26e9754b6591f45ce331fd6'}' not found. 1
 pattern(s) tried: ['reset/(?P[0-9A-Za-z_\\-]+)/(?P[0-9A-
 Za-z]{1,13}-[0-9A-Za-z]{1,20})/$']
 Exception Location: /home/user/work/ispdevenv/lib/python3.10/site-
 packages/django/urls/resolvers.py, line 828, in _reverse_with_prefix

 Error during template rendering
 In template /home/user/work/ispdevenv/lib/python3.10/site-
 packages/django/contrib/admin/templates/registration/password_reset_email.html,
 error at line 6

 Reverse for 'password_reset_confirm' with keyword arguments '{'uidb64':
 'MQ', 'token': 'bkfl1u-973ffa0db26e9754b6591f45ce331fd6'}' not found. 1
 pattern(s) tried: ['reset/(?P[0-9A-Za-z_\\-]+)/(?P[0-9A-
 Za-z]{1,13}-[0-9A-Za-z]{1,20})/$']
 1   {% load i18n %}{% autoescape off %}
 2   {% blocktranslate %}You're receiving this email because you
 requested a password reset for your user account at {{ site_name }}.{%
 endblocktranslate %}
 3
 4   {% translate "Please go to the following page and choose a new
 password:" %}
 5   {% block reset_link %}
 6   {{ protocol }}://{{ domain }}{% url 'password_reset_confirm'
 uidb64=uid token=token %}
 7   {% endblock %}
 8   {% translate 'Your username, in case you’ve forgotten:' %} {{
 user.get_username }}
 9
 10  {% translate "Thanks for using our site!" %}
 11
 12  {% blocktranslate %}The {{ site_name }} team{% endblocktranslate
 %}
 13
 14