Opened 16 years ago
Closed 16 years ago
#9803 closed (invalid)
AuthenticationForm not showing errors.
Reported by: | anonymous | Owned by: | nobody |
---|---|---|---|
Component: | Uncategorized | Version: | 1.0 |
Severity: | | Keywords: | |
Cc: | | Triage Stage: | Unreviewed |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
The view:
```python
def userlogin(request):
    if request.method == "POST":
        form = forms.AuthenticationForm(request.POST)
        if form.is_valid():
            return HttpResponseRedirect(request.GET['next'])
    else:
        form = forms.AuthenticationForm()
    return render_to_response("login.html", {
        "form": form,
        "style": request.GET.get("style"),
        "title": "login",
        "path": request.path
    })
```
The template:
```html
{% extends "template.html" %}
{% block content %}
<h3>login...</h3>
<h4>browse anonymously otherwise.</h4>
<hr />
{{ form.errors }}
<form method="POST" action=".">
  <dl>
    <dt>{{ form.username.label_tag }}</dt>
    <dd>{{ form.username }}</dd>
    <dt>{{ form.password.label_tag }}</dt>
    <dd>{{ form.password }}</dd>
  </dl>
  <input type="submit" value="login" />
  <input type="hidden" name="next" value="{{ next }}" />
</form>
{% endblock %}
```
Change History (2)
comment:1 by , 16 years ago
comment:2 by , 16 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
Although no import is shown I'm assuming django.contrib.auth.forms.AuthenticationForm is what's being used here.
The fields are required, see: http://code.djangoproject.com/browser/django/tags/releases/1.0/django/contrib/auth/forms.py#L54
where no required=False is specified for the fields so they are both required by default. The problem with the posted code is the request.POST dictionary is being given as the first positional parameter, but for this form the first positional parameter is expected to be a request object. So the form that is created is not bound, meaning is_valid() will be false but also it won't have any errors. Either pass request in as the first positional parameter (it's apparently used to ensure cookies are working) or pass request.POST as data=request.POST.
To be clear, while his example has slight issues (like not showing per-field errors), the form itself doesn't validate if you don't provide both user AND password.
So if you leave both blank, or leave one blank, you get back a form with no errors, no matter how you display it.
Only if you give both will it bother trying to validate - the fields should at least be required so they'll error when empty.
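The unbound-form behaviour explained in the closing comment, as an added example that is not part of the ticket or of Django's source. `MiniForm`, `MiniAuthenticationForm` and `compare_calls` are hypothetical stand-ins that model only the `request`-first constructor and the bound/unbound rule (credential checking is omitted), and the POST data is constructed.

```python
class MiniForm:
    """Stand-in for a form base class: bound only when data is supplied."""
    required_fields = ()

    def __init__(self, data=None):
        self.is_bound = data is not None
        self.data = data or {}

    @property
    def errors(self):
        if not self.is_bound:
            return {}  # an unbound form never reports errors
        return {name: ["This field is required."]
                for name in self.required_fields
                if not self.data.get(name)}

    def is_valid(self):
        return self.is_bound and not self.errors


class MiniAuthenticationForm(MiniForm):
    """Stand-in for the login form: `request` is the first positional parameter."""
    required_fields = ("username", "password")

    def __init__(self, request=None, *args, **kwargs):
        self.request = request  # whatever is passed first lands here, not in `data`
        super().__init__(*args, **kwargs)


def describe(form):
    return {"bound": form.is_bound, "valid": form.is_valid(), "errors": form.errors}


def compare_calls(post):
    """Build the form three ways from the same POST data and report each state."""
    request = object()  # placeholder for the HttpRequest object
    return {
        "as_in_ticket": describe(MiniAuthenticationForm(post)),  # POST taken as request
        "keyword_data": describe(MiniAuthenticationForm(data=post)),
        "request_then_data": describe(MiniAuthenticationForm(request, post)),
    }


if __name__ == "__main__":
    # Constructed sample input: both fields left blank.
    for name, state in compare_calls({"username": "", "password": ""}).items():
        print(name, state)
```

Only the call that mirrors the ticket's view comes back unbound with an empty error dict; the other two report both fields as required.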