Skip to content

Fixed #35477 -- Fixed field required validation in forms inheriting from SetPassword. #18195

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 30, 2024
Merged

Fixed #35477 -- Fixed field required validation in forms inheriting from SetPassword. #18195

merged 1 commit into from
May 30, 2024

Conversation

fsbraun
Copy link
Contributor

@fsbraun fsbraun commented May 24, 2024

Trac ticket number

ticket-35477

Branch description

When adding additional validation to the SetPassword form in django.contrib.auth and they fail, the from's clean method assumed they were empty since it did only check for truthiness of the passwords.

This PR changes the check for empty passwords to them being empty strings.

@sarahboyce Thanks for providing those helpful tests!!

Checklist

  • This PR targets the main branch.
  • The commit message is written in past tense, mentions the ticket number, and ends with a period.
  • I have checked the "Has patch" ticket flag in the Trac system.
  • I have added or updated relevant tests.
  • I have added or updated relevant docs, including release notes if applicable.
  • I have attached screenshots in both light and dark modes for any UI changes.

@sarahboyce sarahboyce changed the title Fixed regression for extra password validation in forms inheriting from SetPassword Fixed #35477 - Fixed field required validation in forms inheriting from SetPassword. May 24, 2024
@sarahboyce sarahboyce changed the title Fixed #35477 - Fixed field required validation in forms inheriting from SetPassword. Fixed #35477 -- Fixed field required validation in forms inheriting from SetPassword. May 24, 2024
@sarahboyce
Copy link
Contributor

Thank you for the PR @fsbraun
@uri-rodberg does this work for you?

nessita
nessita reviewed May 24, 2024
View reviewed changes
Copy link
Contributor

@nessita nessita left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @fsbraun, thank you for your speedy work on this!

Could you please ensure that there is a test for every form inheriting from SetPasswordMixin? (BaseUserCreationForm, SetPasswordForm and AdminPasswordChangeForm)

@fsbraun fsbraun force-pushed the ticket_35477 branch 2 times, most recently from f1d2ab9 to 1693f3b Compare May 24, 2024 12:27
@fsbraun
Copy link
Contributor Author

fsbraun commented May 24, 2024

@nessita Done!

@uri-rodberg
Copy link
Contributor

Thank you for the PR @fsbraun@uri-rodberg does this work for you?

How do I install this version with pip?

@fsbraun
Copy link
Contributor Author

fsbraun commented May 24, 2024

Try pip install git+https://github.com/fsbraun/django@ticket_35477

@uri-rodberg
Copy link
Contributor

Thank you for the PR @fsbraun@uri-rodberg does this work for you?

This version works. Thank you.

@nessita nessita self-requested a review May 27, 2024 13:40
nessita
nessita requested changes May 27, 2024
View reviewed changes
Copy link
Contributor

@nessita nessita left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey @fsbraun, thanks for adding tests! Could you please rename and move each test to its specific test class? Otherwise we get tests for other forms inside SetPasswordFormTest which is about the form and not the mixin.

The relevant test cases are:

  • SetPasswordFormTest (for SetPasswordForm)
  • BaseUserCreationFormTest (for BaseUserCreationForm)
  • AdminPasswordChangeFormTest (for AdminPasswordChangeForm)

I also added a comment about an untested change. Thank you! 🌟

@fsbraun fsbraun force-pushed the ticket_35477 branch 2 times, most recently from 35cf874 to c1673d6 Compare May 28, 2024 06:15
@fsbraun @nessita
Fixed #35477 -- Corrected 'required' errors in auth password set/chan…
17147a8 
…ge forms.

The auth forms using SetPasswordMixin were incorrectly including the
'This field is required.' error when additional validations (e.g.,
overriding `clean_password1`) were performed and failed.
This fix ensures accurate error reporting for password fields.

Co-authored-by: Natalia <[email protected]>
nessita
nessita approved these changes May 30, 2024
View reviewed changes
Copy link
Contributor

@nessita nessita left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you @fsbraun for the fixes.

I have made some tweaks because I wasn't comfortable with the weakening of the if guard to == "". Additionally, I removed the call to validate_password in the custom forms (in the tests) as I think it caused some confusion. It was only when I realized that the specifics of what happens inside a clean_* method are not relevant that I understood the important part: the key is to raise any validation error inside the clean field method, and so the password field is no longer present inside cleaned_data leading to the fixed issue.

@nessita nessita merged commit 339977d into django:main May 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nessita nessita nessita approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@fsbraun @sarahboyce @uri-rodberg @nessita