summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2018-09-27 19:52:01 -0400
committerCarlton Gibson <carlton.gibson@noumenal.es>2018-10-01 10:16:15 +0200
commit176d20b92a8d2427b68ebf6e6824ded665013d86 (patch)
tree12b76e822b6f1d701474a3a3bfac0f36167c4c86 /tests
parentc4bd5b597e0aa2432e4c867b86650f18af117851 (diff)
[2.1.x] Fixed #29809 -- Fixed a crash when a "view only" user POSTs to the admin user change form.
Backport of a7284cc0c3620030b43034cdf41216c0941bf411 from master
Diffstat (limited to 'tests')
-rw-r--r--tests/auth_tests/test_views.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py
index 60b90cef0a..f6a84d50a4 100644
--- a/tests/auth_tests/test_views.py
+++ b/tests/auth_tests/test_views.py
@@ -1231,6 +1231,7 @@ class ChangelistTests(AuthViewsTestCase):
u = User.objects.get(username='testclient')
u.is_superuser = False
u.save()
+ original_password = u.password
u.user_permissions.add(get_perm(User, 'view_user'))
response = self.client.get(reverse('auth_test_admin:auth_user_change', args=(u.pk,)),)
algo, salt, hash_string = (u.password.split('$'))
@@ -1245,6 +1246,14 @@ class ChangelistTests(AuthViewsTestCase):
),
html=True,
)
+ # Value in POST data is ignored.
+ data = self.get_user_data(u)
+ data['password'] = 'shouldnotchange'
+ change_url = reverse('auth_test_admin:auth_user_change', args=(u.pk,))
+ response = self.client.post(change_url, data)
+ self.assertRedirects(response, reverse('auth_test_admin:auth_user_changelist'))
+ u.refresh_from_db()
+ self.assertEqual(u.password, original_password)
@override_settings(