Re: [Django] #36140: UserCreationForm doesn't allow empty password even if password fields are specified as "not required"

[Django]

#36140: UserCreationForm doesn't allow empty password even if password fields 
are
specified as "not required"
-------------------------------------+-------------------------------------
     Reporter:  buffgecko12          |                    Owner:  (none)
         Type:  Bug                  |                   Status:  new
    Component:  contrib.auth         |                  Version:  5.1
     Severity:  Release blocker      |               Resolution:
     Keywords:  form                 |             Triage Stage:  Accepted
  usercreationform validation        |
    Has patch:  0                    |      Needs documentation:  0
  Needs tests:  0                    |  Patch needs improvement:  0
Easy pickings:  0                    |                    UI/UX:  0
-------------------------------------+-------------------------------------
Comment (by Antoliny):

 I looked into this issue.
 I think this issue occurs because when usable_password key is not present
 in cleaned_data, the usable_password variable is set to True, causing the
 validation to be performed.
 {{{#!diff
 diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
 index cd177fa5b6..caddd6a672 100644
 --- a/django/contrib/auth/forms.py
 +++ b/django/contrib/auth/forms.py
 @@ -200,7 +200,8 @@ class SetUnusablePasswordMixin:
          **kwargs,
      ):
          usable_password = (
 -            self.cleaned_data.pop(usable_password_field_name, None) !=
 "false"
 +            (self.cleaned_data.get("password2", "") != "")
 +            or (self.cleaned_data.pop(usable_password_field_name,
 "false") != "false")
          )
          self.cleaned_data["set_usable_password"] = usable_password
 }}}
 I modified the default value as above and adjusted the usable_password
 assignment value based on the presence of password2. I'm not sure if this
 is the best solution, but I hope it helps you.
-- 
Ticket URL: <https://code.djangoproject.com/ticket/36140#comment:7>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To view this discussion visit 
https://groups.google.com/d/msgid/django-updates/01070194b154bd12-6b8d1a3f-3d80-45f6-a523-1d57cfb890c3-000000%40eu-central-1.amazonses.com.