From 8f9cb7c007efa8c6cd03a2a63efcaad6c60742f4 Mon Sep 17 00:00:00 2001
From: Chiemezuo <chiemezuoakujobi@gmail.com>
Date: Sun, 22 Oct 2023 17:44:36 +0100
Subject: [PATCH] fix validation error on save from autocomplete (#11113)

---
 CHANGELOG.txt                                  |  1 +
 docs/releases/5.3.md                           |  1 +
 wagtail/admin/tests/test_account_management.py | 16 ++++++++++++++++
 wagtail/admin/views/account.py                 |  1 -
 4 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 0c9937d4aa..69d091d883 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -5,6 +5,7 @@ Changelog
 ~~~~~~~~~~~~~~~~
 
  * Fix: Update system check for overwriting storage backends to recognise the `STORAGES` setting introduced in Django 4.2 (phijma-leukeleu)
+ * Fix: Prevent password change form from raising a validation error when browser autocomplete fills in the "Old password" field (Chiemezuo Akujobi)
  * Maintenance: Update BeautifulSoup upper bound to 4.12.x (scott-8)
 
 
diff --git a/docs/releases/5.3.md b/docs/releases/5.3.md
index c1135256e8..1b84ca5964 100644
--- a/docs/releases/5.3.md
+++ b/docs/releases/5.3.md
@@ -19,6 +19,7 @@ depth: 1
 ### Bug fixes
 
  * Update system check for overwriting storage backends to recognise the `STORAGES` setting introduced in Django 4.2 (phijma-leukeleu)
+ * Prevent password change form from raising a validation error when browser autocomplete fills in the "Old password" field (Chiemezuo Akujobi)
 
 ### Documentation
 
diff --git a/wagtail/admin/tests/test_account_management.py b/wagtail/admin/tests/test_account_management.py
index c196bc3af7..b7eda12d23 100644
--- a/wagtail/admin/tests/test_account_management.py
+++ b/wagtail/admin/tests/test_account_management.py
@@ -419,6 +419,22 @@ class TestAccountSection(WagtailTestUtils, TestCase, TestAccountSectionUtilsMixi
         self.user.refresh_from_db()
         self.assertTrue(self.user.check_password("password"))
 
+    def test_ignore_change_password_if_only_old_password_supplied(self):
+        response = self.post_form(
+            {
+                "password-old_password": "password",
+                "password-new_password1": "",
+                "password-new_password2": "",
+            }
+        )
+
+        # Check that everything runs as usual (with a redirect), instead of a validation error
+        self.assertRedirects(response, reverse("wagtailadmin_account"))
+
+        # Check that the password was not changed
+        self.user.refresh_from_db()
+        self.assertTrue(self.user.check_password("password"))
+
     def test_change_notifications(self):
         response = self.post_form(
             {
diff --git a/wagtail/admin/views/account.py b/wagtail/admin/views/account.py
index 1a7b1f1b6a..616006fb98 100644
--- a/wagtail/admin/views/account.py
+++ b/wagtail/admin/views/account.py
@@ -209,7 +209,6 @@ class ChangePasswordPanel(BaseSettingsPanel):
         if self.request.method == "POST":
             bind_form = any(
                 [
-                    self.request.POST.get(self.name + "-old_password"),
                     self.request.POST.get(self.name + "-new_password1"),
                     self.request.POST.get(self.name + "-new_password2"),
                 ]