#37209: `UserAttributeSimilarityValidator` uses unordered string comparison
------------------------------------------+--------------------------------
Reporter: Terence Honles | Owner: Terence Honles
Type: Bug | Status: assigned
Component: contrib.auth | Version:
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
------------------------------------------+--------------------------------
`UserAttributeSimilarityValidator` only uses the
`SequenceMatcher.quick_ratio` method (which uses an unordered comparison
of two strings and is only intended to be used as an upper bound)
This causes what I would consider "false positives" for strings that are
not actually similar (any anagram will produce a ratio of 1 (exactly
equal)).
I discovered this because we had a flaky test in our CI (with a user
having attributes generated using Faker) and I finally spent some time to
investigate the flaky test. The two strings (lowercased) were "andrews"
and "new-password", which lead me to wonder how those could be considered
70% similar.
I have added a test with the anagrams: "enumerations" & "mountaineers"
--
Ticket URL: <
https://code.djangoproject.com/ticket/37209>
Django <
https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.