Fixed django#7833 -- Improved UserCreationForm password validation

Make UserCreationForm password validation similar to SetPasswordForm and AdminPasswordChangeForm, so as the match check is only done when both passwords are supplied. Thanks Mitar for the suggestion.
five3 · Aug 4, 2012 · 09a719a · 09a719a
1 parent 121fd10
commit 09a719a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 3 deletions.
diff --git a/django/contrib/auth/forms.py b/django/contrib/auth/forms.py
@@ -89,9 +89,9 @@ def clean_username(self):
         raise forms.ValidationError(self.error_messages['duplicate_username'])
 
     def clean_password2(self):
-        password1 = self.cleaned_data.get("password1", "")
-        password2 = self.cleaned_data["password2"]
-        if password1 != password2:
+        password1 = self.cleaned_data.get("password1")
+        password2 = self.cleaned_data.get("password2")
+        if password1 and password2 and password1 != password2:
             raise forms.ValidationError(
                 self.error_messages['password_mismatch'])
         return password2

diff --git a/django/contrib/auth/tests/forms.py b/django/contrib/auth/tests/forms.py
@@ -65,6 +65,7 @@ def test_both_passwords(self):
         form = UserCreationForm(data)
         self.assertFalse(form.is_valid())
         self.assertEqual(form['password1'].errors, required_error)
+        self.assertEqual(form['password2'].errors, [])
 
     def test_success(self):
         # The success case.