Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Strip username spaces #106

Merged
merged 4 commits into from
Nov 8, 2017
Merged

Strip username spaces #106

merged 4 commits into from
Nov 8, 2017

Conversation

dodobas
Copy link
Contributor

@dodobas dodobas commented Nov 8, 2017
edited
Loading

This is a bug fix for: https://github.com/rapidpro/rapidpro/issues/390

We should think about refactoring tests and create isolated tests, because these 'all-in-one' are hard to debug and context changes throughout the single test method

nicpottier
nicpottier requested changes Nov 8, 2017
View reviewed changes
smartmin/users/views.py
username = request.POST['username']
# we are using AuthenticationForm in which username is CharField with strip=True that automatically strips
# whitespace characters, we need to copy that behaviour
username = request.POST['username'].strip()
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this method was probably copy/pasted long ago from an example Django login doc.. but, should we just be creating the form here and initializing it with the form POST variables, calling validate and then using cleaned_data? IE, doing it the django way instead of introspecting the POST variables directly? That feels more correct to me.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we added the failed login count logic in here too

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Another plus to using the form here is that then it is up to the form to figure out to strip or not, so it can be up to users/callers to choose what they care about here.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there is one small issue with using AuthenticationForm(request=request) ... it will try to authenticate user as part of the clean process: https://github.com/django/django/blob/1.11.6/django/contrib/auth/forms.py#L187

if the user can not be authenticated, form is not valid, and that prevents 'failed login count logic' for valid users ... in the end we still need to get the username and strip it, because invalid forms do not have cleaned_data property, so we must use raw input

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh good catch, well shoot, ya then I guess what we're doing is the best we can do.

@nicpottier nicpottier merged commit 5cb2c18 into master Nov 8, 2017
@nicpottier nicpottier deleted the strip_username_spaces branch November 8, 2017 22:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@norkans7 norkans7 norkans7 left review comments

@nicpottier nicpottier nicpottier approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dodobas @nicpottier @norkans7