[Django] #26133: AbstractBaseUser missing password validaton
Django
-------------------------------+--------------------
Reporter: hacknaked | Owner: nobody
Type: Uncategorized | Status: new
Component: contrib.auth | Version: 1.9
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
Using the new password validation framework, it looks like
{{{AbstractBaseUser}}} does not call password validators defined in
{{{settings.py}}}:
{{{
# django.contrib.auth.models.py
class AbstractBaseUser(models.Model):
password = models.CharField(_('password'), max_length=128)
}}}
I'd expect something like this in the above line:
{{{
class AbstractBaseUser(models.Model):
password = models.CharField(_('password'), max_length=128,
validators=validators_list())
}}}
This issue is related to #25052, but I'm not sure.
--
Ticket URL: <https://code.djangoproject.com/ticket/26133>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: hacknaked | Owner: nobody
Type: Uncategorized | Status: new
Component: contrib.auth | Version: 1.9
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by hacknaked):
* needs_better_patch: => 0
* needs_tests: => 0
* needs_docs: => 0
Old description:
> Using the new password validation framework, it looks like
> {{{AbstractBaseUser}}} does not call password validators defined in
> {{{settings.py}}}:
>
> {{{
> # django.contrib.auth.models.py
>
> class AbstractBaseUser(models.Model):
> password = models.CharField(_('password'), max_length=128)
> }}}
>
> I'd expect something like this in the above line:
>
> {{{
> class AbstractBaseUser(models.Model):
> password = models.CharField(_('password'), max_length=128,
> validators=validators_list())
> }}}
>
> This issue is related to #25052, but I'm not sure.
New description:
Using the new password validation framework, it looks like
{{{AbstractBaseUser}}} does not call password validators defined in
{{{settings.py}}}:
{{{
# django.contrib.auth.models.py
class AbstractBaseUser(models.Model):
password = models.CharField(_('password'), max_length=128)
...
}}}
I'd expect something like this in the above line:
{{{
class AbstractBaseUser(models.Model):
password = models.CharField(_('password'), max_length=128,
validators=validators_list())
}}}
This issue is related to #25052, but I'm not sure.
--
--
Ticket URL: <https://code.djangoproject.com/ticket/26133#comment:1>
Django
Reporter: hacknaked | Owner: nobody
Type: Uncategorized | Status: new
Component: contrib.auth | Version: 1.9
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Comment (by timgraham):
I'm not sure how/if that would work because the final value for `password`
is the hashed password and that's not the one we want to validate. Can you
describe or give example code of the case where you're seeing validation
is missing?
--
Ticket URL: <https://code.djangoproject.com/ticket/26133#comment:2>
Django
Reporter: hacknaked | Owner: nobody
Type: Uncategorized | Status: closed
Component: contrib.auth | Version: 1.9
Severity: Normal | Resolution: invalid
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Easy pickings: 0 | UI/UX: 0
Changes (by hacknaked):
* status: new => closed
* resolution: => invalid
Comment:
You are right Tim, I got confused by the fact that validation is made not
only in Models but also in Forms and other places. Sorry for the noise.
--
Ticket URL: <https://code.djangoproject.com/ticket/26133#comment:3>