diff options
| author | Sarah Boyce <42296566+sarahboyce@users.noreply.github.com> | 2025-01-17 17:44:25 +0100 |
|---|---|---|
| committer | nessita <124304+nessita@users.noreply.github.com> | 2025-04-17 12:00:20 -0300 |
| commit | d755a98b8438c10f3cff61303ceb1fe16d414e9b (patch) | |
| tree | 7fe508bdc927f8abe04fd2457abbb471daac6203 /tests/admin_utils | |
| parent | 8a0ad1ebe313a4f4fca6e9068c06ee400d15b8a4 (diff) | |
Fixed #35959 -- Displayed password reset button in admin only when user has sufficient permissions.
This change ensures that the "Reset password" button in the admin is
shown only when the user has the necessary permission to perform a
password change operation. It reuses the password hashing rendering
logic in `display_for_field` to show the appropriate read-only widget
for users with view-only access.
Diffstat (limited to 'tests/admin_utils')
| -rw-r--r-- | tests/admin_utils/tests.py | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/tests/admin_utils/tests.py b/tests/admin_utils/tests.py index 77d6655290..6d165637e7 100644 --- a/tests/admin_utils/tests.py +++ b/tests/admin_utils/tests.py @@ -17,9 +17,12 @@ from django.contrib.admin.utils import ( lookup_field, quote, ) +from django.contrib.auth.models import User +from django.contrib.auth.templatetags.auth import render_password_as_hash from django.core.validators import EMPTY_VALUES from django.db import DEFAULT_DB_ALIAS, models from django.test import SimpleTestCase, TestCase, override_settings +from django.test.utils import isolate_apps from django.utils.formats import localize from django.utils.safestring import mark_safe @@ -238,6 +241,28 @@ class UtilsTests(SimpleTestCase): ) self.assertEqual(display_value, "12,345") + @isolate_apps("admin_utils") + def test_display_for_field_password_name_not_user_model(self): + class PasswordModel(models.Model): + password = models.CharField(max_length=200) + + password_field = PasswordModel._meta.get_field("password") + display_value = display_for_field("test", password_field, self.empty_value) + self.assertEqual(display_value, "test") + + def test_password_display_for_field_user_model(self): + password_field = User._meta.get_field("password") + for password in [ + "invalid", + "md5$zjIiKM8EiyfXEGiexlQRw4$a59a82cf344546e7bc09cb5f2246370a", + "!b7pk7RNudAXGTNLK6fW5YnBCLVE6UUmeoJJYQHaO", + ]: + with self.subTest(password=password): + display_value = display_for_field( + password, password_field, self.empty_value + ) + self.assertEqual(display_value, render_password_as_hash(password)) + def test_list_display_for_value(self): display_value = display_for_value([1, 2, 3], self.empty_value) self.assertEqual(display_value, "1, 2, 3") |