summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Pinkham <code@andrewsforge.com>2017-04-25 15:26:58 -0400
committerTim Graham <timograham@gmail.com>2017-06-21 09:22:15 -0400
commita96b981d84367fd41b1df40adf3ac9ca71a741dd (patch)
tree3349d324683d69d18fce2ac6e5260e73853ba1a1
parentb1cbbe926789bcfc2e118c7d7c7a0f30fab5248a (diff)
Fixed #28127 -- Allowed UserCreationForm's password validation to check all user fields.
-rw-r--r--django/contrib/auth/forms.py13
-rw-r--r--tests/auth_tests/test_forms.py22
2 files changed, 33 insertions, 2 deletions
diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
index 1d6d5e2743..a5de5bf650 100644
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@@ -100,10 +100,19 @@ class UserCreationForm(forms.ModelForm):
self.error_messages['password_mismatch'],
code='password_mismatch',
)
- self.instance.username = self.cleaned_data.get('username')
- password_validation.validate_password(self.cleaned_data.get('password2'), self.instance)
return password2
+ def _post_clean(self):
+ super()._post_clean()
+ # Validate the password after self.instance is updated with form data
+ # by super().
+ password = self.cleaned_data.get('password2')
+ if password:
+ try:
+ password_validation.validate_password(password, self.instance)
+ except forms.ValidationError as error:
+ self.add_error('password2', error)
+
def save(self, commit=True):
user = super().save(commit=False)
user.set_password(self.cleaned_data["password1"])
diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py
index 05f1f41961..e5cd05d0d8 100644
--- a/tests/auth_tests/test_forms.py
+++ b/tests/auth_tests/test_forms.py
@@ -239,6 +239,28 @@ class UserCreationFormTest(TestDataMixin, TestCase):
'<ul><li>Your password can&#39;t be too similar to your other personal information.</li></ul>'
)
+ @override_settings(AUTH_PASSWORD_VALIDATORS=[
+ {'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'},
+ ])
+ def test_user_create_form_validates_password_with_all_data(self):
+ """UserCreationForm password validation uses all of the form's data."""
+ class CustomUserCreationForm(UserCreationForm):
+ class Meta(UserCreationForm.Meta):
+ model = User
+ fields = ('username', 'email', 'first_name', 'last_name')
+ form = CustomUserCreationForm({
+ 'username': 'testuser',
+ 'password1': 'testpassword',
+ 'password2': 'testpassword',
+ 'first_name': 'testpassword',
+ 'last_name': 'lastname',
+ })
+ self.assertFalse(form.is_valid())
+ self.assertEqual(
+ form.errors['password2'],
+ ['The password is too similar to the first name.'],
+ )
+
# To verify that the login form rejects inactive users, use an authentication
# backend that allows them.