>>> get_user_model().objects.get(id=1)
*** api.models.user.User.DoesNotExist: User matching query does not exist.
>>> get_user_model().objects.get(id='1') # security issue
<User: user0>
>>> get_user_model().objects.get(id='BKZv4G8')
<User: user0>
get_user_model().objects.get(id='1') should raise an exception, given that it can lead to a security breach (for example, an attacker can find how many rows there are in the DB). And if str(integer) lookup is allowed, the option HASHID_FIELD_ALLOW_INT_LOOKUP is useless...
Release 3.2.0 has this security issue, while 3.1.3 works perfectly.
I fixed that in the PR.
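The behaviour reported above, sketched next to a strict alternative as an added example (not code from this issue, the PR, or django-hashid-field). The function names, the `LookupRejected` exception and the one-entry decode table standing in for real hashid decoding are assumptions made for illustration.

```python
# Added illustration; all names are hypothetical, not django-hashid-field internals.

# Constructed stand-in for hashid decoding: maps the encoded id shown in the
# report to its integer primary key. A real decoder would use the salt.
SAMPLE_HASHIDS = {"BKZv4G8": 1}


class LookupRejected(Exception):
    """The supplied value is not an acceptable identifier."""


def decode_hashid(value):
    """Return the integer for a known hashid string, else None."""
    return SAMPLE_HASHIDS.get(value)


def resolve_lenient(value, allow_int_lookup=False):
    """Mirrors the reported behaviour: a digit string falls back to int()."""
    if isinstance(value, int):
        if allow_int_lookup:
            return value
        raise LookupRejected("integer lookup disabled")
    decoded = decode_hashid(value)
    if decoded is not None:
        return decoded
    try:
        return int(value)  # '1' gets through even with allow_int_lookup=False
    except (TypeError, ValueError):
        raise LookupRejected("not a valid hashid") from None


def resolve_strict(value, allow_int_lookup=False):
    """Strings must decode as hashids; raw integers need the explicit opt-in."""
    if isinstance(value, bool):  # bool is an int subclass; never an id
        raise LookupRejected("not a valid hashid")
    if isinstance(value, int):
        if allow_int_lookup:
            return value
        raise LookupRejected("integer lookup disabled")
    decoded = decode_hashid(value) if isinstance(value, str) else None
    if decoded is None:
        # No int() fallback: str(integer) is rejected like any unknown string.
        raise LookupRejected("not a valid hashid")
    return decoded
```

A regression test for the real field can assert the same three outcomes: the hashid resolves, `'1'` raises, and `1` raises unless integer lookup is enabled.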