USERNAME_FIELD should be validated as unique=True
|Reported by:||russellm||Owned by:||nobody|
|Has patch:||yes||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
The docs describe the fact that USERNAME_FIELD on a custom User model must be unique. Lots of code (e.g., login forms) work on the assumption that USERNAME_FIELD is unique.
However, nothing actually enforces this requirement.
There should be a validation step to enforce the uniqueness of USERNAME_FIELD. It would also be advisable to enforce db_index=True (since username will be a common lookup field)
Marking as release blocker because it's an easy mistake for end-developers to make, and will cause all sorts of weird bugs if it isn't caught.
Change History (9)
Changed 3 years ago by claudep
comment:3 Changed 3 years ago by Russell Keith-Magee <russell@…>
- Resolution set to fixed
- Status changed from new to closed