Opened 6 hours ago

Last modified 6 hours ago

#36703 new Uncategorized

Undocumented change of SetPasswordForm in django 5.1 release notes

Reported by: Laurent Bergeron Owned by:
Component: Documentation Version: 5.1
Severity: Normal Keywords: Authentication, Forms
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: yes
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description

Since version 5.1 of django, django.contrib.auth.forms.SetPasswordForm looks like this:

class SetPasswordForm(SetPasswordMixin, forms.Form):
    """
    A form that lets a user set their password without entering the old
    password
    """

    new_password1, new_password2 = SetPasswordMixin.create_password_fields(
        label1=_("New password"), label2=_("New password confirmation")
    )

    def __init__(self, user, *args, **kwargs):
        self.user = user
        super().__init__(*args, **kwargs)

    def clean(self):
        self.validate_passwords("new_password1", "new_password2")
        self.validate_password_for_user(self.user, "new_password2")
        return super().clean()

    def save(self, commit=True):
        return self.set_password_and_save(self.user, "new_password1", commit=commit)

Before version 5.1 though, it looked like this:

class SetPasswordForm(forms.Form):
    """
    A form that lets a user set their password without entering the old
    password
    """

    error_messages = {
        "password_mismatch": _("The two password fields didn’t match."),
    }
    new_password1 = forms.CharField(
        label=_("New password"),
        widget=forms.PasswordInput(attrs={"autocomplete": "new-password"}),
        strip=False,
        help_text=password_validation.password_validators_help_text_html(),
    )
    new_password2 = forms.CharField(
        label=_("New password confirmation"),
        strip=False,
        widget=forms.PasswordInput(attrs={"autocomplete": "new-password"}),
    )

    def __init__(self, user, *args, **kwargs):
        self.user = user
        super().__init__(*args, **kwargs)

    def clean_new_password2(self):
        password1 = self.cleaned_data.get("new_password1")
        password2 = self.cleaned_data.get("new_password2")
        if password1 and password2 and password1 != password2:
            raise ValidationError(
                self.error_messages["password_mismatch"],
                code="password_mismatch",
            )
        password_validation.validate_password(password2, self.user)
        return password2

    def save(self, commit=True):
        password = self.cleaned_data["new_password1"]
        self.user.set_password(password)
        if commit:
            self.user.save()
        return self.user

I can't see this change described anywhere in the 5.1 release note https://docs.djangoproject.com/en/5.2/releases/5.1/

Do I have a blind spot and the change is in fact described in the patch note ? If it is not, should it be or is it too small of a change to be part of the release notes?

Personally, it caused some of my tests to fail when I upgraded from 4.2 to 5.2. I had some logic to modify the error messages and it broke because of the change.

Change History (1)

comment:1 by Laurent Bergeron, 6 hours ago

Needs documentation: set
Note: See TracTickets for help on using tickets.
Back to Top