Django

Code

Ticket #7833 (closed: fixed)

Opened 5 months ago

Last modified 3 months ago

UserCreationForm doesn't handle the case where password1 is not set

Reported by: jvloothuis Assigned to:
Milestone: 1.0 Component: Authentication
Version: SVN Keywords:
Cc: Triage Stage: Accepted
Has patch: 1 Needs documentation: 0
Needs tests: 0 Patch needs improvement: 1

Description

The new UserCreationForm? does not check wheter password1 is available in cleaned_data when checking it against the second password. It can be empty when the form is submitted and the user leaves this field blank. The patch has a test and a fix for this issue.

Attachments

usercreationform.patch (1.5 kB) - added by jvloothuis on 07/19/08 06:03:34.
7833-take-2.diff (1.0 kB) - added by mir on 07/22/08 06:37:58.

Change History

07/19/08 06:03:34 changed by jvloothuis

  • attachment usercreationform.patch added.

07/19/08 13:19:28 changed by Mnewman

  • needs_better_patch set to 1.
  • needs_docs changed.
  • stage changed from Unreviewed to Accepted.
  • needs_tests set to 1.
  • milestone set to 1.0.

This is clearly a problem. One thing about the patch in the test the data passed through to the form would include password1 : '' , because the field is still on the page, there just isn't anything in it.

The other thing I would like to bring up is whether we would like the password checking in clean_password2 or if we should have something that more resembles django-registration, which has it in the clean method and doesn't have this problem.

07/22/08 06:37:44 changed by mir

The original patch is a bit twisted. Let's simply use get() and all's well.

07/22/08 06:37:58 changed by mir

  • attachment 7833-take-2.diff added.

07/22/08 06:42:53 changed by mir

  • needs_better_patch deleted.
  • needs_tests deleted.
  • stage changed from Accepted to Ready for checkin.

For some unknown reason, trac hides a part of my patch (the one with the tests). You've got to download it for a proper view.

07/22/08 08:11:45 changed by Mnewman

  • needs_better_patch set to 1.
  • stage changed from Ready for checkin to Accepted.

I still don't think this patch is ready for check in. The test still isn't a proper case (see above). I also think that the checking of the passwords should be done in clean. This section was ported from old forms and we shouldn't be afraid of moving this to the right place now.

08/25/08 11:55:58 changed by jacob

  • status changed from new to closed.
  • resolution set to fixed.

(In [8542]) Fixed #7833: the user creation form now works when password1 isn't set.

Add/Change #7833 (UserCreationForm doesn't handle the case where password1 is not set)




Change Properties
Action