Code

Opened 6 years ago

Closed 6 years ago

#9803 closed (invalid)

AuthenticationForm not showing errors.

Reported by: anonymous Owned by: nobody
Component: Uncategorized Version: 1.0
Severity: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

The view:

def userlogin(request):
	if request.method == "POST":
		form = forms.AuthenticationForm(request.POST)
		if form.is_valid():
			return HttpResponseRedirect(request.GET['next'])
	else:
		form = forms.AuthenticationForm()
	return render_to_response("login.html",
	{
		"form":		form,
		"style":	request.GET.get("style"),
		"title":	"login",
		"path":		request.path
	})

The template:

{% extends "template.html" %}

{% block content %}
					<h3>login...</h3>
					<h4>browse anonymously otherwise.</h4>
					<hr />
					{{ form.errors }}
					<form method="POST" action=".">
						<dl>
							<dt>{{ form.username.label_tag }}</dt>
							<dd>{{ form.username }}</dd>
							<dt>{{ form.password.label_tag }}</dt>
							<dd>{{ form.password }}</dd>
						</dl>
						<input type="submit" value="login" />
						<input type="hidden" name="next" value="{{ next }}" />
					</form>
{% endblock %}

Attachments (0)

Change History (2)

comment:1 Changed 6 years ago by cgrady

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset

To be clear, while his example has slight issues (like not showing per-field errors), the form itself doesn't validate if you don't provide both user AND password.

So if you leave both blank, or leave one blank, you get back a form with no errors, no matter how you display it.

Only if you give both will it bother trying to validate - the fields should at least be required so they'll error when empty.

comment:2 Changed 6 years ago by kmtracey

  • Resolution set to invalid
  • Status changed from new to closed

Although no import is shown I'm assuming django.contrib.auth.forms.AuthenticationForm is what's being used here.

The fields are required, see: http://code.djangoproject.com/browser/django/tags/releases/1.0/django/contrib/auth/forms.py#L54

where no required=False is specified for the fields so they are both required by default. The problem with the posted code is the request.POST dictionary is being given as the first positional parameter, but for this form the first positional parameter is expected to be a request object. So the form that is created is not bound, meaning is_valid() will be false but also it won't have any errors. Either pass request in as the first positional parameter (it's apparently used to ensure cookies are working) or pass request.POST as data=request.POST.

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.