Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#23847 closed Cleanup/optimization (fixed)

Minor Problem with Auth Documentation

Reported by: xmnr
Owned by: Berker Peksag
Component: Documentation
Version: 1.7
Severity: Normal
Keywords:
Cc:
Triage Stage: Accepted
Has patch: yes
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

In the Django documentation about the authentication system, there are several snippets of code which may mislead the uninitiated.

For instance:

    def email_check(user):
        return '@…' in

This is later used by user_passes_test() to authorize a user.

This is a very clear example, but if put into production it would be a security liability because it doesn't prevent a user from registering with the email "hacker@…", or with the upcoming "hacker@…". I think most developers are wiser than that, but a novice may not be.

I think this should be emended with the use of"")
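The point the reporter makes is that a substring test on an e-mail address does not pin the address to a domain. The following is an added example, not the ticket's or Django's own code: it places the substring check beside a common half-fix (a suffix check without the "@") and a strict check that compares the domain part exactly, and runs all three over a handful of constructed addresses. `ALLOWED_DOMAIN`, the minimal `User` class (only `.email` is needed, mirroring the predicate shape `user_passes_test()` expects) and the sample addresses are assumptions made for the example.

```python
from dataclasses import dataclass

ALLOWED_DOMAIN = "example.com"  # assumed organisation domain for this example


@dataclass
class User:
    """Minimal stand-in for a Django user object; only .email is needed here."""
    email: str


def email_check_substring(user):
    """The kind of check the ticket warns about: a plain substring test.

    It accepts any address that merely contains '@example.com' somewhere.
    """
    return "@" + ALLOWED_DOMAIN in user.email


def email_check_bare_suffix(user):
    """A common half-fix: endswith() without the '@'.

    Still wrong: 'mallory@notexample.com' ends with 'example.com', and so
    does the bare string 'example.com', which is not an address at all.
    """
    return user.email.lower().endswith(ALLOWED_DOMAIN)


def email_check(user):
    """Strict check: exactly one '@', and the part after it equals the
    allowed domain (compared case-insensitively, as domains are)."""
    local, at, domain = user.email.rpartition("@")
    if not at or not local or "@" in local:
        return False
    return domain.lower() == ALLOWED_DOMAIN


# Constructed sample addresses (not taken from the ticket) with the
# answer a correct check should give for each.
SAMPLES = {
    "alice@example.com": True,
    "hacker@example.com.evil.org": False,  # allowed domain as a label of another domain
    "hacker@example.company": False,       # TLD that merely starts with 'com'
    "mallory@notexample.com": False,       # different domain with the same suffix
    "x@example.com@evil.org": False,       # two '@' signs
    "example.com": False,                  # no '@' at all
}


def wrong_answers(check):
    """Return the set of sample addresses on which `check` disagrees with SAMPLES."""
    return {addr for addr, expected in SAMPLES.items() if check(User(addr)) != expected}


if __name__ == "__main__":
    for check in (email_check_substring, email_check_bare_suffix, email_check):
        print(f"{check.__name__}: misclassifies {sorted(wrong_answers(check)) or 'nothing'}")
```

Running the block shows the substring check passing the two "hacker@…" style addresses and the double-"@" address, the bare suffix check passing "mallory@notexample.com" and the bare string "example.com", and only the strict check rejecting all of them; splitting on the last "@" and comparing the domain exactly is what a `user_passes_test()` predicate should do.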

Change History (4)

comment:1 Changed 9 years ago by Sasha Romijn

Needs documentation: set
Triage Stage: Unreviewed → Accepted
Type: Uncategorized → Cleanup/optimization

Makes sense to me. Our documentation should always give the best possible example. Could you make a pull request with all the example changes you think we should make?

comment:2 Changed 9 years ago by Berker Peksag

Has patch: set
Needs documentation: unset
Owner: changed from nobody to Berker Peksag
Status: new → assigned

comment:3 Changed 9 years ago by Erik Romijn <eromijn@…>

Resolution: fixed
Status: assigned → closed

In 87bd13617c57a806deb550e3af1c06ce00517a9c:

Fixed #23847 -- Improved the email_check example in the auth documentation.

comment:4 Changed 9 years ago by Erik Romijn <eromijn@…>

In 8819f6f7c9ffb78a13ed3e19803d89b6637358c6:

[1.7.x] Fixed #23847 -- Improved the email_check example in the auth documentation.

Backport of 87bd13617c57a806deb550e3af1c06ce00517a9c from master.
