Closed smcoll closed 9 years ago
Hey @smcoll, thanks for your detailed report! StormpathError
can occur for various reasons, so it really shouldn't raise this error (and delete account!) without inspecting it.
However, I didn't manage to reproduce described scenario - changing password in Django admin did nothing, and my user could still login with old password.
Would you mind telling me which stormpath-django version are you using? Thanks!
@avojnovicDk i was using the latest released version of stormpath_django at the time. i had ported stormpath users from another user model (perhaps incorrectly), so likely the error was related to some edge case resulting from that. Given that you've addressed this ticket with #53, i suppose this ticket can be closed. Thanks for your attention on this issue!
i noticed this issue when using the admin change password form with a password not meeting the Stormpath directory's password requirements.
For example, try entering an invalid password (like 'foo') twice at /admin/django_stormpath/stormpathuser/1/password/
In some cases, the account is removed from Stormpath and the database.
In
StormpathUser._update_stormpath_user()
, anyStormpathError
results in anObjectDoesNotExist
. When called fromStormpathUser._update_for_db_and_stormpath()
, anObjectDoesNotExist
results in aself.delete()
.It seems that the solution would be to further inspect the
StormpathError
before deciding to return anObjectDoesNotExist
, which may not be accurate.