Re: ModelForm based on User allows any username without checking
Hi Bastian, you need to define the restrictions on the username field. It can be done by including the code below inside usernameForm. This code is from django/contrib/auth/forms.py -> UserCreationForm, you can refer it to understand further. username = forms.RegexField(label="Username", max_length=30, regex=r'^[\w.@+-]+$', help_text="Required. 30 characters or fewer. Letters, digits and " "@/./+/-/_ only.", error_messages={ 'invalid': "This value may contain only letters, numbers and " "@/./+/-/_ characters."}) thanks, -pavan On Apr 4, 7:36 pm, Bastian wrote: > Hi, > > I have a form that asks the registering user to choose a username. That > form is a ModelForm based on the django.contrib.auth.models Users: > > class usernameForm(forms.ModelForm): > class Meta: > model = User > fields = ('username', ) > > The strange thing is that when it appears on the page it comes with the > warning that says no more than 30 characters... but it actually does not > check anything. I tried to enter whatever username, with spaces and () and > in the view when I ask if form.is_valid() it returns True all the time! > > Obviously this must be a mistake on my side somewhere but on such a simple > setup I don't see where I am wrong, any idea welcome. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: ModelForm based on User allows any username without checking
Yes that's what I ended up doing but isn't it supposed to be automatic, coming from the restrictions of the model since it's a ModelForm? On Thursday, April 5, 2012 7:51:14 PM UTC+2, Pavan Verma wrote: > > Hi Bastian, > you need to define the restrictions on the username field. It can be > done by including the code below inside usernameForm. This code is > from django/contrib/auth/forms.py -> UserCreationForm, you can refer > it to understand further. > > username = forms.RegexField(label="Username", max_length=30, > regex=r'^[\w.@+-]+$', > help_text="Required. 30 characters or fewer. Letters, digits > and " > "@/./+/-/_ only.", > error_messages={ > 'invalid': "This value may contain only letters, numbers > and " > "@/./+/-/_ characters."}) > > thanks, > -pavan > > On Apr 4, 7:36 pm, Bastian wrote: > > Hi, > > > > I have a form that asks the registering user to choose a username. That > > form is a ModelForm based on the django.contrib.auth.models Users: > > > > class usernameForm(forms.ModelForm): > > class Meta: > > model = User > > fields = ('username', ) > > > > The strange thing is that when it appears on the page it comes with the > > warning that says no more than 30 characters... but it actually does not > > check anything. I tried to enter whatever username, with spaces and () > and > > in the view when I ask if form.is_valid() it returns True all the time! > > > > Obviously this must be a mistake on my side somewhere but on such a > simple > > setup I don't see where I am wrong, any idea welcome. -- You received this message because you are subscribed to the Google Groups "Django users" group. To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/Ab9goWGkzSAJ. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: ModelForm based on User allows any username without checking
I went through django/contrib/auth/models.py to check the definition of the User model. I don't see this file defining any restrictions on what a username can be. So, I think the form is the place (and possibly the only place) which defines and enforces restrictions on what the username can be. Interestingly, the help_text for User.username is the following: help_text=_('Required. 30 characters or fewer. Letters, numbers and ' '@/./+/-/_ characters')) But this restriction in neither defined nor enforced in the User model class. > isn't it supposed to be automatic, coming from the restrictions of the model > since it's a ModelForm? I didn't understand this comment. Why would you think ModelForm has anything to do with it? As in, why would ModelForm know anything about User.username. thanks, -pavan On Apr 10, 12:53 am, Bastian wrote: > Yes that's what I ended up doing but isn't it supposed to be automatic, > coming from the restrictions of the model since it's a ModelForm? > > On Thursday, April 5, 2012 7:51:14 PM UTC+2, Pavan Verma wrote: > > > Hi Bastian, > > you need to define the restrictions on the username field. It can be > > done by including the code below inside usernameForm. This code is > > from django/contrib/auth/forms.py -> UserCreationForm, you can refer > > it to understand further. > > > username = forms.RegexField(label="Username", max_length=30, > > regex=r'^[\w.@+-]+$', > > help_text="Required. 30 characters or fewer. Letters, digits > > and " > > "@/./+/-/_ only.", > > error_messages={ > > 'invalid': "This value may contain only letters, numbers > > and " > > "@/./+/-/_ characters."}) > > > thanks, > > -pavan > > > On Apr 4, 7:36 pm, Bastian wrote: > > > Hi, > > > > I have a form that asks the registering user to choose a username. That > > > form is a ModelForm based on the django.contrib.auth.models Users: > > > > class usernameForm(forms.ModelForm): > > > class Meta: > > > model = User > > > fields = ('username', ) > > > > The strange thing is that when it appears on the page it comes with the > > > warning that says no more than 30 characters... but it actually does not > > > check anything. I tried to enter whatever username, with spaces and () > > and > > > in the view when I ask if form.is_valid() it returns True all the time! > > > > Obviously this must be a mistake on my side somewhere but on such a > > simple > > > setup I don't see where I am wrong, any idea welcome. -- You received this message because you are subscribed to the Google Groups "Django users" group. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.
Re: ModelForm based on User allows any username without checking
I assumed restrictions would apply at model level but it's not the case. About the ModelForm, isn't it the point of using a ModelForm? (with the User model as shown in the example of course) that it inherits from the model and automatically creates the right fields, widgets, and restrictions? regards, Bastian On Tuesday, April 10, 2012 8:51:18 AM UTC+2, Pavan Verma wrote: > > I went through django/contrib/auth/models.py to check the definition > of the User model. I don't see this file defining any restrictions on > what a username can be. So, I think the form is the place (and > possibly the only place) which defines and enforces restrictions on > what the username can be. > > Interestingly, the help_text for User.username is the following: > > help_text=_('Required. 30 characters or fewer. Letters, > numbers and ' > '@/./+/-/_ characters')) > > But this restriction in neither defined nor enforced in the User model > class. > > > > isn't it supposed to be automatic, coming from the restrictions of the > model since it's a ModelForm? > > I didn't understand this comment. Why would you think ModelForm has > anything to do with it? As in, why would ModelForm know anything about > User.username. > > > thanks, > -pavan > > > On Apr 10, 12:53 am, Bastian wrote: > > Yes that's what I ended up doing but isn't it supposed to be automatic, > > coming from the restrictions of the model since it's a ModelForm? > > > > On Thursday, April 5, 2012 7:51:14 PM UTC+2, Pavan Verma wrote: > > > > > Hi Bastian, > > > you need to define the restrictions on the username field. It can be > > > done by including the code below inside usernameForm. This code is > > > from django/contrib/auth/forms.py -> UserCreationForm, you can refer > > > it to understand further. > > > > > username = forms.RegexField(label="Username", max_length=30, > > > regex=r'^[\w.@+-]+$', > > > help_text="Required. 30 characters or fewer. Letters, digits > > > and " > > > "@/./+/-/_ only.", > > > error_messages={ > > > 'invalid': "This value may contain only letters, numbers > > > and " > > > "@/./+/-/_ characters."}) > > > > > thanks, > > > -pavan > > > > > On Apr 4, 7:36 pm, Bastian wrote: > > > > Hi, > > > > > > I have a form that asks the registering user to choose a username. > That > > > > form is a ModelForm based on the django.contrib.auth.models Users: > > > > > > class usernameForm(forms.ModelForm): > > > > class Meta: > > > > model = User > > > > fields = ('username', ) > > > > > > The strange thing is that when it appears on the page it comes with > the > > > > warning that says no more than 30 characters... but it actually does > not > > > > check anything. I tried to enter whatever username, with spaces and > () > > > and > > > > in the view when I ask if form.is_valid() it returns True all the > time! > > > > > > Obviously this must be a mistake on my side somewhere but on such a > > > simple > > > > setup I don't see where I am wrong, any idea welcome. -- You received this message because you are subscribed to the Google Groups "Django users" group. To view this discussion on the web visit https://groups.google.com/d/msg/django-users/-/6JDVO0XZEjMJ. To post to this group, send email to django-users@googlegroups.com. To unsubscribe from this group, send email to django-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-users?hl=en.