Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

[1.5.x] Fixed #19354 -- Do not assume usermodel.pk == usermodel.id

Thanks markteisman at hotmail.com for the report.
Backport of 0eeae15 from master.
  • Loading branch information...
commit 47c5b50d346237f30584ad9303dea8f6933ffae3 1 parent 83df1f3
@claudep claudep authored
View
2  django/contrib/admin/options.py
@@ -552,7 +552,7 @@ def log_deletion(self, request, object, object_repr):
"""
from django.contrib.admin.models import LogEntry, DELETION
LogEntry.objects.log_action(
- user_id = request.user.id,
+ user_id = request.user.pk,
content_type_id = ContentType.objects.get_for_model(self.model).pk,
object_id = object.pk,
object_repr = object_repr,
View
4 django/contrib/auth/__init__.py
@@ -81,14 +81,14 @@ def login(request, user):
user = request.user
# TODO: It would be nice to support different login methods, like signed cookies.
if SESSION_KEY in request.session:
- if request.session[SESSION_KEY] != user.id:
+ if request.session[SESSION_KEY] != user.pk:
# To avoid reusing another user's session, create a new, empty
# session if the existing session corresponds to a different
# authenticated user.
request.session.flush()
else:
request.session.cycle_key()
- request.session[SESSION_KEY] = user.id
+ request.session[SESSION_KEY] = user.pk
request.session[BACKEND_SESSION_KEY] = user.backend
if hasattr(request, 'user'):
request.user = user
View
2  django/contrib/auth/forms.py
@@ -241,7 +241,7 @@ def save(self, domain_override=None,
'email': user.email,
'domain': domain,
'site_name': site_name,
- 'uid': int_to_base36(user.id),
+ 'uid': int_to_base36(user.pk),
'user': user,
'token': token_generator.make_token(user),
'protocol': use_https and 'https' or 'http',
View
2  django/contrib/auth/tests/templates/context_processors/auth_attrs_user.html
@@ -1,4 +1,4 @@
unicode: {{ user }}
-id: {{ user.id }}
+id: {{ user.pk }}
username: {{ user.username }}
url: {% url 'userpage' user %}
View
2  django/contrib/auth/tokens.py
@@ -58,7 +58,7 @@ def _make_token_with_timestamp(self, user, timestamp):
# Ensure results are consistent across DB backends
login_timestamp = user.last_login.replace(microsecond=0, tzinfo=None)
- value = (six.text_type(user.id) + user.password +
+ value = (six.text_type(user.pk) + user.password +
six.text_type(login_timestamp) + six.text_type(timestamp))
hash = salted_hmac(key_salt, value).hexdigest()[::2]
return "%s-%s" % (ts_b36, hash)
View
2  django/contrib/auth/views.py
@@ -206,7 +206,7 @@ def password_reset_confirm(request, uidb36=None, token=None,
post_reset_redirect = reverse('django.contrib.auth.views.password_reset_complete')
try:
uid_int = base36_to_int(uidb36)
- user = UserModel.objects.get(id=uid_int)
+ user = UserModel.objects.get(pk=uid_int)
except (ValueError, OverflowError, UserModel.DoesNotExist):
user = None
View
2  docs/ref/templates/builtins.txt
@@ -611,7 +611,7 @@ Output the contents of the block if the two arguments equal each other.
Example::
- {% ifequal user.id comment.user_id %}
+ {% ifequal user.pk comment.user_id %}
...
{% endifequal %}
View
10 tests/regressiontests/model_formsets_regress/tests.py
@@ -351,7 +351,7 @@ class Meta:
def should_delete(self):
""" delete form if odd PK """
- return self.instance.id % 2 != 0
+ return self.instance.pk % 2 != 0
NormalFormset = modelformset_factory(User, form=CustomDeleteUserForm, can_delete=True)
DeleteFormset = modelformset_factory(User, form=CustomDeleteUserForm, formset=BaseCustomDeleteModelFormSet)
@@ -392,7 +392,7 @@ def test_no_delete(self):
data = dict(self.data)
data['form-INITIAL_FORMS'] = 4
data.update(dict(
- ('form-%d-id' % i, user.id)
+ ('form-%d-id' % i, user.pk)
for i,user in enumerate(User.objects.all())
))
formset = self.NormalFormset(data, queryset=User.objects.all())
@@ -409,7 +409,7 @@ def test_all_delete(self):
data = dict(self.data)
data['form-INITIAL_FORMS'] = 4
data.update(dict(
- ('form-%d-id' % i, user.id)
+ ('form-%d-id' % i, user.pk)
for i,user in enumerate(User.objects.all())
))
data.update(self.delete_all_ids)
@@ -428,7 +428,7 @@ def test_custom_delete(self):
data = dict(self.data)
data['form-INITIAL_FORMS'] = 4
data.update(dict(
- ('form-%d-id' % i, user.id)
+ ('form-%d-id' % i, user.pk)
for i,user in enumerate(User.objects.all())
))
data.update(self.delete_all_ids)
@@ -440,5 +440,5 @@ def test_custom_delete(self):
self.assertEqual(len(User.objects.all()), 2)
# verify no "odd" PKs left
- odd_ids = [user.id for user in User.objects.all() if user.id % 2]
+ odd_ids = [user.pk for user in User.objects.all() if user.pk % 2]
self.assertEqual(len(odd_ids), 0)
View
2  tests/regressiontests/transactions_regress/tests.py
@@ -140,7 +140,7 @@ def create_system_user():
"Create a user in a transaction"
user = User.objects.create_user(username='system', password='iamr00t', email='root@SITENAME.com')
# Redundant, just makes sure the user id was read back from DB
- Mod.objects.create(fld=user.id)
+ Mod.objects.create(fld=user.pk)
# Create a user
create_system_user()
Please sign in to comment.
Something went wrong with that request. Please try again.