Opened 4 years ago
Last modified 4 years ago
#32553 closed New feature
Allow UserAttributeSimilarityValidator to validate against fields of related models — at Version 1
| Reported by: | Meiyer | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.auth | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description (last modified by )
The password validator UserAttributeSimilarityValidator is currently too rigid and allows comparison of the password only to the fields of the User model, while ignoring the common case where there is also a profile attached to the user (as a separate model). My suggestion is to relax the attribute resolution so that also fields defined on related models could be accessed; for example, by traversing a dotted path as in reduce(getattr, path.split('.'), obj).
Yet a better option could be to allow plugging into the validator by means of an overridable method get_user_attribute(self, attribute_name) used instead of a direct getattr, that will allow more customisation while leaving the validation logic intact.