Opened 8 years ago

Closed 8 years ago

Last modified 5 years ago

#8379 closed (fixed)

'change user' admin form doesn't validate username

Reported by: Mirrorball Owned by: Ivan Giuliani
Component: contrib.auth Version: 1.0-beta
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

The form for changing a user in the admin interface doesn't validate the username. Any character may be entered.

Attachments (1)

r8520-validate-username.patch (1.9 KB) - added by Ivan Giuliani 8 years ago.

Download all attachments as: .zip

Change History (10)

comment:1 Changed 8 years ago by Thejaswi Puthraya

Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset

The details provided are vague. Can you give us more details regarding your 'expectations' and the 'result'? This will help in fixing the problem (if any).

comment:2 Changed 8 years ago by Eric Holscher

Resolution: invalid
Status: newclosed

Do you mean that there is no javascript validation? There shouldn't be any in javascript. Closed as invalid because there isn't enough information. Please re-open if it's a bug, with a way to repeat.

comment:3 Changed 8 years ago by Mirrorball

Resolution: invalid
Status: closedreopened

No, there's no backend validation. You can enter invalid characters for the username field (for instance, "Mirrorball ") and it's going to be saved even though it doesn't validate.

comment:4 Changed 8 years ago by Mirrorball

My invalid characters were deleted when I sent the above message with an instance of invalid username, but any will do. "Mirrorball at at", for instance.

comment:5 Changed 8 years ago by Brian Rosner

Owner: changed from nobody to Brian Rosner
Status: reopenednew
Triage Stage: UnreviewedAccepted

comment:6 Changed 8 years ago by Ivan Giuliani

Owner: changed from Brian Rosner to Ivan Giuliani

Changed 8 years ago by Ivan Giuliani

comment:7 Changed 8 years ago by Ivan Giuliani

The above patch should fix the issue. Anyway my first thought has been that this kind of validation should be made at model-level (whenever it lands) so we can allow someone that is using some custom backend or that is inheriting the User class to specify what kind of characters are allowed in these fields. But of course this is a post-1.0 thing...

comment:8 Changed 8 years ago by Jacob

Resolution: fixed
Status: newclosed

(In [8544]) Fixed #8379: the admin user change form now properly validates the username. Thanks, kratorius.

comment:9 Changed 5 years ago by Jacob

milestone: 1.0

Milestone 1.0 deleted

Note: See TracTickets for help on using tickets.
Back to Top