Opened 3 years ago

Closed 3 years ago

#19130 closed Cleanup/optimization (fixed)

Auth forms contain hard-coded assumptions about field length

Reported by: russellm Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


The auth forms contain some hardcoded assumptions about the length of the username field.

In some cases, these are reasonable -- the user creation form should reasonably check the expected length etc of the username field.

However, in other cases, it's just busy work:

  • LoginForm sets max_length=30.
  • PasswordResetFrom sets max_length=75 on the email field.

While it's possible for these forms to be customized by the end user, we can avoid the need for 90% of users to need to do this customization by making the defaults a little more accepting -- a length of 254 chars in both cases would allow email addresses as login, without affecting the data integrity of the actual user model.

Change History (1)

comment:1 Changed 3 years ago by Russell Keith-Magee <russell@…>

  • Resolution set to fixed
  • Status changed from new to closed

In bfcda7781a886ab2b7b41937c0f49c088f58a3d7:

Fixed #19130 -- Made some of the auth forms more flexible for user models.

Note: See TracTickets for help on using tickets.
Back to Top