Fixed #36561 -- Used request.auser() in contrib.auth.aupdate_session_auth_hash().

Xdynix · sarahboyce · commit cd7554e55179 · 2025-08-20T09:14:50.000+02:00
diff --git a/django/contrib/auth/__init__.py b/django/contrib/auth/__init__.py
@@ -408,5 +408,5 @@ def update_session_auth_hash(request, user):
 async def aupdate_session_auth_hash(request, user):
     """See update_session_auth_hash()."""
     await request.session.acycle_key()
-    if hasattr(user, "get_session_auth_hash") and request.user == user:
+    if hasattr(user, "get_session_auth_hash") and await request.auser() == user:
         await request.session.aset(HASH_SESSION_KEY, user.get_session_auth_hash())
diff --git a/tests/async/test_async_auth.py b/tests/async/test_async_auth.py
@@ -143,7 +143,11 @@ async def test_change_password(self):
         await self.client.alogin(username="testuser", password="testpw")
         request = HttpRequest()
         request.session = await self.client.asession()
-        request.user = self.test_user
+
+        async def auser():
+            return self.test_user
+
+        request.auser = auser
         await aupdate_session_auth_hash(request, self.test_user)
         user = await aget_user(request)
         self.assertIsInstance(user, User)
