#25617: Disallow usernames that differ only in case in UserCreationForm
--------------------------------------+------------------------------------
Reporter: timgraham | Owner: nmundar
Type: Cleanup/optimization | Status: assigned
Component: contrib.auth | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Comment (by nmundar):
It's possible to achieve the effect described in this ticket by raising
ValidationError in UserCreationForm.clean_username. However, this
introduces one additional side-effect in tests of password validation
logic. UserAttributeSimilarityValidator will not be able to check if
username is similar to password because previously raised ValidationError
will make username attribute None in password validator and "The password
is too similar to the username." message will be missing from error list.
Since the username in this case has to be changed anyway, omitting this
message may not be relevant because password similarity check makes sense
only on valid usernames. That's the explanation why
auth_tests.test_forms.UserCreationFormTest.test_validates_password has to
be tweaked in the patch.
--
Ticket URL: <https://code.djangoproject.com/ticket/25617#comment:4>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/067.c1b8ce4ddcb5c3287cd62e8c3193bb63%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
