
[bug]: form fields validation must be also done in backend

Open engineerscodes opened this issue 3 years ago • 9 comments

The issue is very simple: you must validate form data in the backend, not just in the front-end. E.g. in the Reg form, I could edit the HTML form, e.g. the email field: I changed it to text and removed the pattern search HTML attribute. Check the image below.

Screenshot (120)

Screenshot (121)

Please look into it.

engineerscodes avatar May 28 '21 16:05 engineerscodes

Hi! Thanks for opening your first issue at JagratiWebApp :rocket: We really appreciate it. :raised_hands: Someone from our team will get back here soon.

Jagrati-Bot avatar May 28 '21 16:05 Jagrati-Bot

Look at this line: https://github.com/garg3133/JagratiWebApp/blob/92b70b4d11976dfe6364db12bc0454843b2168cc/accounts/views.py#L83

Before doing this you could do a regex to check if it's a valid email address or not: https://github.com/garg3133/JagratiWebApp/blob/92b70b4d11976dfe6364db12bc0454843b2168cc/accounts/views.py#L106

engineerscodes avatar May 28 '21 16:05 engineerscodes

Thanks, @engineerscodes for raising this issue. We should definitely validate the form in the backend. But I think a better place to validate the forms is forms.py and not views. Views should only contain the main backend logic.

We are trying to port our forms to Django forms, starting from issue #263, as backend would definitely provide a better form validation.

garg3133 avatar May 29 '21 13:05 garg3133

Yes, you're right, I did not see the form.py file. You could do def clean and raise an error if it's not a valid email.

engineerscodes avatar May 29 '21 14:05 engineerscodes

@garg3133 he is mentioning this issue while creating a new user account, I guess, so we need a form there too. I would like to work on this.

harshakhmk avatar Jun 02 '21 10:06 harshakhmk

There is already form.py https://github.com/garg3133/JagratiWebApp/blob/f28e7b87900df144a1a9a522ac23fc856137ac25/accounts/forms.py#L6 https://github.com/garg3133/JagratiWebApp/blob/f28e7b87900df144a1a9a522ac23fc856137ac25/accounts/forms.py#L7

engineerscodes avatar Jun 02 '21 19:06 engineerscodes

Yeah, I guess I created this form to escape Django's password validation while creating a new user through Admin Portal (you can see this form is only used in accounts/admin.py).

I think we can just create a new form here, and use Django's password validation out-of-the-box and check the email against the Regex pattern in clean_email method.

garg3133 avatar Jun 03 '21 20:06 garg3133

I would like to work on this @garg3133

harshakhmk avatar Jun 04 '21 04:06 harshakhmk

Sir, I am a Django developer and currently working on making REST APIs through Django and integrating them with a React frontend, so I would like to work on this if assigned.

VinVorteX avatar May 09 '24 17:05 VinVorteX