Opened 16 years ago

Closed 16 years ago

#9803 closed (invalid)

AuthenticationForm not showing errors.

Reported by: anonymous Owned by: nobody
Component: Uncategorized Version: 1.0
Severity: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The view:

def userlogin(request):
	if request.method == "POST":
		form = forms.AuthenticationForm(request.POST)
		if form.is_valid():
			return HttpResponseRedirect(request.GET['next'])
	else:
		form = forms.AuthenticationForm()
	return render_to_response("login.html",
	{
		"form":		form,
		"style":	request.GET.get("style"),
		"title":	"login",
		"path":		request.path
	})

The template:

{% extends "template.html" %}

{% block content %}
					<h3>login...</h3>
					<h4>browse anonymously otherwise.</h4>
					<hr />
					{{ form.errors }}
					<form method="POST" action=".">
						<dl>
							<dt>{{ form.username.label_tag }}</dt>
							<dd>{{ form.username }}</dd>
							<dt>{{ form.password.label_tag }}</dt>
							<dd>{{ form.password }}</dd>
						</dl>
						<input type="submit" value="login" />
						<input type="hidden" name="next" value="{{ next }}" />
					</form>
{% endblock %}

Change History (2)

comment:1 by Collin Grady, 16 years ago

To be clear, while his example has slight issues (like not showing per-field errors), the form itself doesn't validate if you don't provide both user AND password.

So if you leave both blank, or leave one blank, you get back a form with no errors, no matter how you display it.

Only if you give both will it bother trying to validate - the fields should at least be required so they'll error when empty.

comment:2 by Karen Tracey, 16 years ago

Resolution: invalid
Status: newclosed

Although no import is shown I'm assuming django.contrib.auth.forms.AuthenticationForm is what's being used here.

The fields are required, see: http://code.djangoproject.com/browser/django/tags/releases/1.0/django/contrib/auth/forms.py#L54

where no required=False is specified for the fields so they are both required by default. The problem with the posted code is the request.POST dictionary is being given as the first positional parameter, but for this form the first positional parameter is expected to be a request object. So the form that is created is not bound, meaning is_valid() will be false but also it won't have any errors. Either pass request in as the first positional parameter (it's apparently used to ensure cookies are working) or pass request.POST as data=request.POST.

Note: See TracTickets for help on using tickets.
Back to Top