Fixed -- Allowed using contrib.auth forms without installing contrib.auth.

Also fixed  -- Allowed UserCreationForm and UserChangeForm to
work with custom user models.

Thanks Sagar Chalise and Rômulo Collopy for reports, and Tim Graham
and Tim Martin for reviews.
This commit is contained in:
shanghui 2017-11-15 20:27:53 +08:00 committed by Tim Graham
parent 44c5b239e0
commit 3333d935d2
5 changed files with 136 additions and 60 deletions
django/contrib/auth
docs
tests/auth_tests

View File

@ -7,7 +7,6 @@ from django.contrib.auth import (
from django.contrib.auth.hashers import ( from django.contrib.auth.hashers import (
UNUSABLE_PASSWORD_PREFIX, identify_hasher, UNUSABLE_PASSWORD_PREFIX, identify_hasher,
) )
from django.contrib.auth.models import User
from django.contrib.auth.tokens import default_token_generator from django.contrib.auth.tokens import default_token_generator
from django.contrib.sites.shortcuts import get_current_site from django.contrib.sites.shortcuts import get_current_site
from django.core.mail import EmailMultiAlternatives from django.core.mail import EmailMultiAlternatives
@ -83,9 +82,9 @@ class UserCreationForm(forms.ModelForm):
) )
class Meta: class Meta:
model = User model = UserModel
fields = ("username",) fields = (UserModel.USERNAME_FIELD,)
field_classes = {'username': UsernameField} field_classes = {UserModel.USERNAME_FIELD: UsernameField}
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)
@ -132,9 +131,9 @@ class UserChangeForm(forms.ModelForm):
) )
class Meta: class Meta:
model = User model = UserModel
fields = '__all__' fields = '__all__'
field_classes = {'username': UsernameField} field_classes = {UserModel.USERNAME_FIELD: UsernameField}
def __init__(self, *args, **kwargs): def __init__(self, *args, **kwargs):
super().__init__(*args, **kwargs) super().__init__(*args, **kwargs)

View File

@ -48,6 +48,10 @@ Minor features
* :djadmin:`createsuperuser` now gives a prompt to allow bypassing the * :djadmin:`createsuperuser` now gives a prompt to allow bypassing the
:setting:`AUTH_PASSWORD_VALIDATORS` checks. :setting:`AUTH_PASSWORD_VALIDATORS` checks.
* :class:`~django.contrib.auth.forms.UserCreationForm` and
:class:`~django.contrib.auth.forms.UserChangeForm` no longer need to be
rewritten for a custom user model.
:mod:`django.contrib.contenttypes` :mod:`django.contrib.contenttypes`
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

View File

@ -820,11 +820,20 @@ are working with.
The following forms are compatible with any subclass of The following forms are compatible with any subclass of
:class:`~django.contrib.auth.models.AbstractBaseUser`: :class:`~django.contrib.auth.models.AbstractBaseUser`:
* :class:`~django.contrib.auth.forms.AuthenticationForm`: Uses the username * :class:`~django.contrib.auth.forms.AuthenticationForm`
field specified by :attr:`~models.CustomUser.USERNAME_FIELD`.
* :class:`~django.contrib.auth.forms.SetPasswordForm` * :class:`~django.contrib.auth.forms.SetPasswordForm`
* :class:`~django.contrib.auth.forms.PasswordChangeForm` * :class:`~django.contrib.auth.forms.PasswordChangeForm`
* :class:`~django.contrib.auth.forms.AdminPasswordChangeForm` * :class:`~django.contrib.auth.forms.AdminPasswordChangeForm`
* :class:`~django.contrib.auth.forms.UserCreationForm`
* :class:`~django.contrib.auth.forms.UserChangeForm`
The forms that handle a username use the username field specified by
:attr:`~models.CustomUser.USERNAME_FIELD`.
.. versionchanged:: 2.1
In older versions, ``UserCreationForm`` and ``UserChangeForm`` need to be
rewritten to work with custom user models.
The following forms make assumptions about the user model and can be used as-is The following forms make assumptions about the user model and can be used as-is
if those assumptions are met: if those assumptions are met:
@ -835,25 +844,6 @@ if those assumptions are met:
default) that can be used to identify the user and a boolean field named default) that can be used to identify the user and a boolean field named
``is_active`` to prevent password resets for inactive users. ``is_active`` to prevent password resets for inactive users.
Finally, the following forms are tied to
:class:`~django.contrib.auth.models.User` and need to be rewritten or extended
to work with a custom user model:
* :class:`~django.contrib.auth.forms.UserCreationForm`
* :class:`~django.contrib.auth.forms.UserChangeForm`
If your custom user model is a simple subclass of ``AbstractUser``, then you
can extend these forms in this manner::
from django.contrib.auth.forms import UserCreationForm
from myapp.models import CustomUser
class CustomUserCreationForm(UserCreationForm):
class Meta(UserCreationForm.Meta):
model = CustomUser
fields = UserCreationForm.Meta.fields + ('custom_field',)
Custom users and :mod:`django.contrib.admin` Custom users and :mod:`django.contrib.admin`
-------------------------------------------- --------------------------------------------

View File

@ -1486,9 +1486,12 @@ provides several built-in forms located in :mod:`django.contrib.auth.forms`:
A :class:`~django.forms.ModelForm` for creating a new user. A :class:`~django.forms.ModelForm` for creating a new user.
It has three fields: ``username`` (from the user model), ``password1``, It has three fields: one named after the
and ``password2``. It verifies that ``password1`` and ``password2`` match, :attr:`~django.contrib.auth.models.CustomUser.USERNAME_FIELD` from the
validates the password using user model, and ``password1`` and ``password2``.
It verifies that ``password1`` and ``password2`` match, validates the
password using
:func:`~django.contrib.auth.password_validation.validate_password`, and :func:`~django.contrib.auth.password_validation.validate_password`, and
sets the user's password using sets the user's password using
:meth:`~django.contrib.auth.models.User.set_password()`. :meth:`~django.contrib.auth.models.User.set_password()`.

View File

@ -1,7 +1,9 @@
import datetime import datetime
import re import re
from importlib import reload
from unittest import mock from unittest import mock
import django
from django import forms from django import forms
from django.contrib.auth.forms import ( from django.contrib.auth.forms import (
AdminPasswordChangeForm, AuthenticationForm, PasswordChangeForm, AdminPasswordChangeForm, AuthenticationForm, PasswordChangeForm,
@ -11,7 +13,7 @@ from django.contrib.auth.forms import (
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.contrib.auth.signals import user_login_failed from django.contrib.auth.signals import user_login_failed
from django.contrib.sites.models import Site from django.contrib.sites.models import Site
from django.core import mail from django.core import mail, signals
from django.core.mail import EmailMultiAlternatives from django.core.mail import EmailMultiAlternatives
from django.forms.fields import CharField, Field, IntegerField from django.forms.fields import CharField, Field, IntegerField
from django.test import SimpleTestCase, TestCase, override_settings from django.test import SimpleTestCase, TestCase, override_settings
@ -27,6 +29,24 @@ from .models.with_integer_username import IntegerUsernameUser
from .settings import AUTH_TEMPLATES from .settings import AUTH_TEMPLATES
def reload_auth_forms(sender, setting, value, enter, **kwargs):
if setting == 'AUTH_USER_MODEL':
reload(django.contrib.auth.forms)
class ReloadFormsMixin:
@classmethod
def setUpClass(cls):
super().setUpClass()
signals.setting_changed.connect(reload_auth_forms)
@classmethod
def tearDownClass(cls):
signals.setting_changed.disconnect(reload_auth_forms)
super().tearDownClass()
class TestDataMixin: class TestDataMixin:
@classmethod @classmethod
@ -37,9 +57,10 @@ class TestDataMixin:
cls.u4 = User.objects.create(username='empty_password', password='') cls.u4 = User.objects.create(username='empty_password', password='')
cls.u5 = User.objects.create(username='unmanageable_password', password='$') cls.u5 = User.objects.create(username='unmanageable_password', password='$')
cls.u6 = User.objects.create(username='unknown_password', password='foo$bar') cls.u6 = User.objects.create(username='unknown_password', password='foo$bar')
cls.u7 = ExtensionUser.objects.create(username='extension_client', date_of_birth='1998-02-24')
class UserCreationFormTest(TestDataMixin, TestCase): class UserCreationFormTest(ReloadFormsMixin, TestDataMixin, TestCase):
def test_user_already_exists(self): def test_user_already_exists(self):
data = { data = {
@ -175,9 +196,12 @@ class UserCreationFormTest(TestDataMixin, TestCase):
) )
def test_custom_form(self): def test_custom_form(self):
with override_settings(AUTH_USER_MODEL='auth_tests.ExtensionUser'):
from django.contrib.auth.forms import UserCreationForm
self.assertEqual(UserCreationForm.Meta.model, ExtensionUser)
class CustomUserCreationForm(UserCreationForm): class CustomUserCreationForm(UserCreationForm):
class Meta(UserCreationForm.Meta): class Meta(UserCreationForm.Meta):
model = ExtensionUser
fields = UserCreationForm.Meta.fields + ('date_of_birth',) fields = UserCreationForm.Meta.fields + ('date_of_birth',)
data = { data = {
@ -188,6 +212,9 @@ class UserCreationFormTest(TestDataMixin, TestCase):
} }
form = CustomUserCreationForm(data) form = CustomUserCreationForm(data)
self.assertTrue(form.is_valid()) self.assertTrue(form.is_valid())
# reload_auth_forms() reloads the form.
from django.contrib.auth.forms import UserCreationForm
self.assertEqual(UserCreationForm.Meta.model, User)
def test_custom_form_with_different_username_field(self): def test_custom_form_with_different_username_field(self):
class CustomUserCreationForm(UserCreationForm): class CustomUserCreationForm(UserCreationForm):
@ -261,6 +288,30 @@ class UserCreationFormTest(TestDataMixin, TestCase):
['The password is too similar to the first name.'], ['The password is too similar to the first name.'],
) )
def test_with_custom_user_model(self):
with override_settings(AUTH_USER_MODEL='auth_tests.ExtensionUser'):
data = {
'username': 'test_username',
'password1': 'test_password',
'password2': 'test_password',
}
from django.contrib.auth.forms import UserCreationForm
self.assertEqual(UserCreationForm.Meta.model, ExtensionUser)
form = UserCreationForm(data)
self.assertTrue(form.is_valid())
def test_customer_user_model_with_different_username_field(self):
with override_settings(AUTH_USER_MODEL='auth_tests.CustomUser'):
from django.contrib.auth.forms import UserCreationForm
self.assertEqual(UserCreationForm.Meta.model, CustomUser)
data = {
'email': 'testchange@test.com',
'password1': 'test_password',
'password2': 'test_password',
}
form = UserCreationForm(data)
self.assertTrue(form.is_valid())
class AuthenticationFormTest(TestDataMixin, TestCase): class AuthenticationFormTest(TestDataMixin, TestCase):
@ -605,7 +656,7 @@ class PasswordChangeFormTest(TestDataMixin, TestCase):
self.assertEqual(form.cleaned_data['new_password2'], data['new_password2']) self.assertEqual(form.cleaned_data['new_password2'], data['new_password2'])
class UserChangeFormTest(TestDataMixin, TestCase): class UserChangeFormTest(ReloadFormsMixin, TestDataMixin, TestCase):
def test_username_validity(self): def test_username_validity(self):
user = User.objects.get(username='testclient') user = User.objects.get(username='testclient')
@ -679,22 +730,51 @@ class UserChangeFormTest(TestDataMixin, TestCase):
self.assertEqual(form.initial['password'], form['password'].value()) self.assertEqual(form.initial['password'], form['password'].value())
def test_custom_form(self): def test_custom_form(self):
with override_settings(AUTH_USER_MODEL='auth_tests.ExtensionUser'):
from django.contrib.auth.forms import UserChangeForm
self.assertEqual(UserChangeForm.Meta.model, ExtensionUser)
class CustomUserChangeForm(UserChangeForm): class CustomUserChangeForm(UserChangeForm):
class Meta(UserChangeForm.Meta): class Meta(UserChangeForm.Meta):
model = ExtensionUser fields = ('username', 'password', 'date_of_birth')
fields = ('username', 'password', 'date_of_birth',)
user = User.objects.get(username='testclient')
data = { data = {
'username': 'testclient', 'username': 'testclient',
'password': 'testclient', 'password': 'testclient',
'date_of_birth': '1998-02-24', 'date_of_birth': '1998-02-24',
} }
form = CustomUserChangeForm(data, instance=user) form = CustomUserChangeForm(data, instance=self.u7)
self.assertTrue(form.is_valid()) self.assertTrue(form.is_valid())
form.save() form.save()
self.assertEqual(form.cleaned_data['username'], 'testclient') self.assertEqual(form.cleaned_data['username'], 'testclient')
self.assertEqual(form.cleaned_data['date_of_birth'], datetime.date(1998, 2, 24)) self.assertEqual(form.cleaned_data['date_of_birth'], datetime.date(1998, 2, 24))
# reload_auth_forms() reloads the form.
from django.contrib.auth.forms import UserChangeForm
self.assertEqual(UserChangeForm.Meta.model, User)
def test_with_custom_user_model(self):
with override_settings(AUTH_USER_MODEL='auth_tests.ExtensionUser'):
from django.contrib.auth.forms import UserChangeForm
self.assertEqual(UserChangeForm.Meta.model, ExtensionUser)
data = {
'username': 'testclient',
'date_joined': '1998-02-24',
'date_of_birth': '1998-02-24',
}
form = UserChangeForm(data, instance=self.u7)
self.assertTrue(form.is_valid())
def test_customer_user_model_with_different_username_field(self):
with override_settings(AUTH_USER_MODEL='auth_tests.CustomUser'):
from django.contrib.auth.forms import UserChangeForm
self.assertEqual(UserChangeForm.Meta.model, CustomUser)
user = CustomUser.custom_objects.create(email='test@test.com', date_of_birth='1998-02-24')
data = {
'email': 'testchange@test.com',
'date_of_birth': '1998-02-24',
}
form = UserChangeForm(data, instance=user)
self.assertTrue(form.is_valid())
@override_settings(TEMPLATES=AUTH_TEMPLATES) @override_settings(TEMPLATES=AUTH_TEMPLATES)