Opened 6 years ago

Closed 6 years ago

Last modified 12 months ago

#19130 closed Cleanup/optimization (fixed)

Auth forms contain hard-coded assumptions about field length

Reported by: Russell Keith-Magee Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


The auth forms contain some hardcoded assumptions about the length of the username field.

In some cases, these are reasonable -- the user creation form should reasonably check the expected length etc of the username field.

However, in other cases, it's just busy work:

  • LoginForm sets max_length=30.
  • PasswordResetFrom sets max_length=75 on the email field.

While it's possible for these forms to be customized by the end user, we can avoid the need for 90% of users to need to do this customization by making the defaults a little more accepting -- a length of 254 chars in both cases would allow email addresses as login, without affecting the data integrity of the actual user model.

Change History (2)

comment:1 Changed 6 years ago by Russell Keith-Magee <russell@…>

Resolution: fixed
Status: newclosed

In bfcda7781a886ab2b7b41937c0f49c088f58a3d7:

Fixed #19130 -- Made some of the auth forms more flexible for user models.

comment:2 Changed 12 months ago by Tim Graham <timograham@…>

In d2333912:

Refs #19130 -- Added a test for AuthenticationForm.username max_length.

This will be a more useful regression test after refs #27515.

Note: See TracTickets for help on using tickets.
Back to Top