Opened 7 years ago

Closed 7 years ago

Last modified 4 years ago

#8379 closed (fixed)

'change user' admin form doesn't validate username

Reported by: Mirrorball Owned by: kratorius
Component: contrib.auth Version: 1.0-beta
Severity: Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

The form for changing a user in the admin interface doesn't validate the username. Any character may be entered.

Attachments (1)

r8520-validate-username.patch (1.9 KB) - added by kratorius 7 years ago.

Download all attachments as: .zip

Change History (10)

comment:1 Changed 7 years ago by thejaswi_puthraya

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

The details provided are vague. Can you give us more details regarding your 'expectations' and the 'result'? This will help in fixing the problem (if any).

comment:2 Changed 7 years ago by ericholscher

  • Resolution set to invalid
  • Status changed from new to closed

Do you mean that there is no javascript validation? There shouldn't be any in javascript. Closed as invalid because there isn't enough information. Please re-open if it's a bug, with a way to repeat.

comment:3 Changed 7 years ago by Mirrorball

  • Resolution invalid deleted
  • Status changed from closed to reopened

No, there's no backend validation. You can enter invalid characters for the username field (for instance, "Mirrorball ") and it's going to be saved even though it doesn't validate.

comment:4 Changed 7 years ago by Mirrorball

My invalid characters were deleted when I sent the above message with an instance of invalid username, but any will do. "Mirrorball at at", for instance.

comment:5 Changed 7 years ago by brosner

  • Owner changed from nobody to brosner
  • Status changed from reopened to new
  • Triage Stage changed from Unreviewed to Accepted

comment:6 Changed 7 years ago by kratorius

  • Owner changed from brosner to kratorius

Changed 7 years ago by kratorius

comment:7 Changed 7 years ago by kratorius

The above patch should fix the issue. Anyway my first thought has been that this kind of validation should be made at model-level (whenever it lands) so we can allow someone that is using some custom backend or that is inheriting the User class to specify what kind of characters are allowed in these fields. But of course this is a post-1.0 thing...

comment:8 Changed 7 years ago by jacob

  • Resolution set to fixed
  • Status changed from new to closed

(In [8544]) Fixed #8379: the admin user change form now properly validates the username. Thanks, kratorius.

comment:9 Changed 4 years ago by jacob

  • milestone 1.0 deleted

Milestone 1.0 deleted

Note: See TracTickets for help on using tickets.
Back to Top