Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Login to /auth/token/login fails because the path became more strict in patch release 2.2.1 #778

Closed
dhrp opened this issue Nov 9, 2023 · 2 comments · Fixed by #779
Closed

Login to /auth/token/login fails because the path became more strict in patch release 2.2.1 #778

dhrp opened this issue Nov 9, 2023 · 2 comments · Fixed by #779
Assignees
@tomwojcik
Labels
regression

Comments

@dhrp
Copy link

dhrp commented Nov 9, 2023

Release 2.2.1 introduced (but not documented) a change to the url routes.

Specifically, the following test used to pass, but now fails.

        response = client.post(
            "/auth/token/login",
            {"email": "[email protected]", "password": "some-password"},
            format="json",
        )
        self.assertEqual(response.status_code, 200)

Luckily I had a test to warn me, but this change, introduced as a patch release has the potential to break actual logins in the wild.

Let me also be clear: Using this path for login is not "django standard" -> they have a trailing slash; but front-end developers may not be aware and may have used the path without a trailing slash.

The actual change is here:
2.2.0...2.2.1#diff-46b93deeea84b407c499c260c1d4dad6a9ae0868d3da10080d1c09d9ad10f67bL6

Depending on how much you think this is an issue for users I suggest reverting the change in 2.2.2 and introducing it as a 2.3.0. (I auto-upgrade dependencies on path releases)
@tomwojcik tomwojcik self-assigned this Nov 9, 2023
@tomwojcik tomwojcik added bug and removed bug labels Nov 9, 2023
@tomwojcik
Copy link
Contributor

Right, that's my regression, sorry.

16f406e#diff-46b93deeea84b407c499c260c1d4dad6a9ae0868d3da10080d1c09d9ad10f67bL6

I did not notice it's ?, $ and ?$. It should have been a single pattern from the beginning :/ Since I'm not sure how to clean it up, I will just roll back these changes.

@tomwojcik tomwojcik mentioned this issue Nov 9, 2023
Merged
@tomwojcik
Copy link
Contributor

Released in 2.2.2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tomwojcik tomwojcik

Labels
regression
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Revert "replace re_path with path" sunscrapers/djoser
2 participants
@dhrp @tomwojcik