Opened 5 months ago

Closed 4 months ago

Last modified 4 months ago

#35477 closed Bug (fixed)

Required field error added to new_password1 on forms that inherit SetPasswordForm with additional new_password1 level validation.

Reported by: אורי Owned by: Fabian Braun
Component: contrib.auth Version: 5.1
Severity: Release blocker Keywords:
Cc: Fabian Braun, Natalia Bidart Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by אורי)

Hi,

I ran Speedy Net's tests with Django 5.1a1. Some tests failed with an unexpected error messages. These tests passed with Django versions 4.2.13 and 5.0.6.

To run these tests, run ./tests_manage_all_sites_with_all_warnings.sh test speedy.core.accounts.tests.test_views.EditProfileCredentialsViewEnglishTestCase --shuffle --test-all-languages with Django==5.1a1 installed. Here are the error messages:

'new_password1': ['This password is too short. It must contain at least 8 characters.', 'This field is required.'] (the actual error message received)
'new_password1': ['This password is too short. It must contain at least 8 characters.'] (the expected error message)

It looks like the error message "This field is required." is unexpected and doesn't appear with Django versions 4.2.13 and 5.0.6. Notice that this field was not missing but too short. A similar problem happens when the new password is too long.

I confirm the extra error message appears on the site with Django 5.1a1 and I created screenshots which I'm attaching here. The first screenshot I attached is with Django 5.1a1 and the second one with Django 4.2.13 (and is the expected error messages).

Attachments (2)

Untitled 2024-05-24 a1.png (16.7 KB ) - added by אורי 5 months ago.
Untitled 2024-05-24 a2.png (14.9 KB ) - added by אורי 5 months ago.

Download all attachments as: .zip

Change History (15)

by אורי, 5 months ago

Attachment: Untitled 2024-05-24 a1.png added

by אורי, 5 months ago

Attachment: Untitled 2024-05-24 a2.png added

comment:1 by אורי, 5 months ago

Description: modified (diff)

comment:2 by Sarah Boyce, 5 months ago

Component: Uncategorizedcontrib.auth
Severity: NormalRelease blocker
Triage Stage: UnreviewedAccepted
Type: UncategorizedBug

Hi אורי, I spent quite a while with this. Next time please share links to your tests or code in the ticket.

git bisect confirmed this is a regression in e626716c28b6286f8cf0f8174077f3d2244f3eb3 (ref #34429)

Here is a test case:

  • tests/auth_tests/test_forms.py

    diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py
    index b44f1edb24..f5e2612bf5 100644
    a b import re  
    33import urllib.parse
    44from unittest import mock
    55
     6from django.contrib.auth import password_validation
    67from django.contrib.auth.forms import (
    78    AdminPasswordChangeForm,
    89    AuthenticationForm,
    class SetPasswordFormTest(TestDataMixin, TestCase):  
    865866                    form.fields[field_name].widget.attrs["autocomplete"], autocomplete
    866867                )
    867868
     869    @override_settings(
     870        AUTH_PASSWORD_VALIDATORS=[
     871            {
     872                "NAME": (
     873                    "django.contrib.auth.password_validation.MinimumLengthValidator"
     874                ),
     875                "OPTIONS": {"min_length": 12},
     876            },
     877        ]
     878    )
     879    def test_extra_validation(self):
     880        class ModifiedSetPasswordForm(SetPasswordForm):
     881            def clean_new_password1(self):
     882                new_password = self.cleaned_data["new_password1"]
     883                password_validation.validate_password(password=new_password)
     884                return new_password
     885
     886        user = User.objects.get(username="testclient")
     887        form = ModifiedSetPasswordForm(
     888            user, {"new_password1": "abc", "new_password2": "abc"}
     889        )
     890        self.assertIs(form.is_valid(), False)
     891        self.assertEqual(
     892            form["new_password1"].errors,
     893            ["This password is too short. It must contain at least 12 characters."],
     894        )
     895        self.assertEqual(
     896            form["new_password2"].errors,
     897            ["This password is too short. It must contain at least 12 characters."],
     898        )
     899
    868900
    869901class PasswordChangeFormTest(TestDataMixin, TestCase):
    870902    def test_incorrect_password(self):

comment:3 by Sarah Boyce, 5 months ago

Cc: Fabian Braun Natalia Bidart added
Summary: Django 5.1a1 - unexpected error messageRequired field error added to new_password1 on forms that inherit SetPasswordForm with additional new_password1 level validation.

comment:4 by Sarah Boyce, 5 months ago

Thank you for testing 5.1 and raising the ticket אורי 👍

comment:5 by Fabian Braun, 5 months ago

Owner: changed from nobody to Fabian Braun
Status: newassigned

comment:6 by Fabian Braun, 5 months ago

Has patch: set

comment:7 by Natalia Bidart, 5 months ago

Needs tests: set

comment:8 by Fabian Braun, 5 months ago

Needs tests: unset

in reply to:  2 comment:9 by אורי, 5 months ago

Replying to Sarah Boyce:

Hi אורי, I spent quite a while with this. Next time please share links to your tests or code in the ticket.

Sorry about that. Code is under https://github.com/speedy-net/speedy-net. Tests are in relevant test files. Recent tests I ran are under https://github.com/speedy-net/speedy-net/actions.

The tests I mentioned in this ticket (speedy.core.accounts.tests.test_views.EditProfileCredentialsViewEnglishTestCase) are under https://github.com/speedy-net/speedy-net/blob/main/speedy/core/accounts/tests/test_views.py. Notice that there are also tests for French, German and other languages.

comment:10 by Natalia Bidart, 4 months ago

Needs tests: set
Patch needs improvement: set

comment:11 by Natalia Bidart, 4 months ago

Needs tests: unset
Patch needs improvement: unset
Triage Stage: AcceptedReady for checkin

comment:12 by nessita <124304+nessita@…>, 4 months ago

Resolution: fixed
Status: assignedclosed

In 339977d4:

Fixed #35477 -- Corrected 'required' errors in auth password set/change forms.

The auth forms using SetPasswordMixin were incorrectly including the
'This field is required.' error when additional validations (e.g.,
overriding clean_password1) were performed and failed.
This fix ensures accurate error reporting for password fields.

Co-authored-by: Natalia <124304+nessita@…>

comment:13 by Natalia <124304+nessita@…>, 4 months ago

In 9996bb1e:

[5.1.x] Fixed #35477 -- Corrected 'required' errors in auth password set/change forms.

The auth forms using SetPasswordMixin were incorrectly including the
'This field is required.' error when additional validations (e.g.,
overriding clean_password1) were performed and failed.
This fix ensures accurate error reporting for password fields.

Co-authored-by: Natalia <124304+nessita@…>

Backport of 339977d4441fd353e20950b98bad3d42afb1f126 from main.

Note: See TracTickets for help on using tickets.
Back to Top