Opened 9 years ago
Closed 9 years ago
#26133 closed Uncategorized (invalid)
AbstractBaseUser missing password validaton
| Reported by: | Fernando Miranda | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.auth | Version: | 1.9 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
Using the new password validation framework, it looks like AbstractBaseUser does not call password validators defined in settings.py:
# django.contrib.auth.models.py
class AbstractBaseUser(models.Model):
password = models.CharField(_('password'), max_length=128)
...
I'd expect something like this in the above line:
class AbstractBaseUser(models.Model):
password = models.CharField(_('password'), max_length=128, validators=validators_list())
This issue is related to #25052, but I'm not sure.
Change History (3)
comment:1 by , 9 years ago
| Description: | modified (diff) |
|---|
comment:2 by , 9 years ago
comment:3 by , 9 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
You are right Tim, I got confused by the fact that validation is made not only in Models but also in Forms and other places. Sorry for the noise.
Note:
See TracTickets
for help on using tickets.
I'm not sure how/if that would work because the final value for
passwordis the hashed password and that's not the one we want to validate. Can you describe or give example code of the case where you're seeing validation is missing?