Login Form - when username doesn't exist - new user is created in database #613

Open
Prasivec opened this issue Mar 20, 2023 · 2 comments

@Prasivec

I'm using django two-factor-auth in my project for login of users. It works fine when it comes to entering valid credentials; 2FA also works great. BUT if I enter invalid credentials:

  1. valid user name and invalid password = page reload without any error message
  2. invalid user name and any password = page refresh and NEW user is created in database.

Is this normal behavior or some issue? Is there any solution to disable this behavior and display the corresponding error message?

@Prasivec
Author

I'm using a CustomUser model:

```python
from django.contrib.auth.models import AbstractUser
from django.db import models
from django.utils import timezone

# Department, Team and UserType are referenced below but not shown in the post.


class CustomUserModel(AbstractUser):
    # MAKING email field mandatory
    email = models.EmailField(unique=True)
    # KEEP TRACK OF USER'S PASSWORD CREATION DATE TO ENFORCE 3MONTH MAX VALIDITY
    password_created_date = models.DateTimeField(default=timezone.now, null=False, blank=False)
    # WHICH DEPARTMENT IS USER MEMBER OF
    department = models.ForeignKey(Department, on_delete=models.PROTECT, default=1, null=False, blank=False)
    # WHICH TEAM IS USER MEMBER OF
    team = models.ForeignKey(Team, on_delete=models.PROTECT, default=1, null=False, blank=False)
    # USER TYPE - DETERMINES SOME ATTRIBUTES FOR USER - I.E. MAX AMOUNT OF ACTIVITY
    user_type = models.ForeignKey(UserType, on_delete=models.PROTECT, default=1, null=False, blank=False)
    # FIRST NAME - REQUIRED FIELD
    first_name = models.CharField(max_length=30, blank=False, null=False)
    # LAST NAME - REQUIRED FIELD
    last_name = models.CharField(max_length=30, blank=False, null=False)

    # OVERRIDE DEFAULT SAVE METHOD FOR USER THAT EMAIL IS REQUIRED ELSE - ValueError
    def save(self, *args, **kwargs):
        if not self.email:
            raise ValueError("Email field is required")

        super().save(*args, **kwargs)

    # OVERRIDE DEFAULT SAVE PASSWORD METHOD SO THAT DATE OF CREATION IS ALSO CREATED
    def set_password(self, raw_password):
        super().set_password(raw_password)
        self.password_created_date = timezone.now()
        self.save()
```

Result of using invalid credentials is:

```
ValueError at /account/login/
Email field is required

Request Method: POST
Request URL: http://127.0.0.1:8000/account/login/
Django Version: 4.1.7
Exception Type: ValueError
Exception Value: Email field is required
```

@paxw-panevo

Not sure if the problem is within django-two-factor-auth as I cannot reproduce this. We are using django's contrib auth module.
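
Django's `ModelBackend.authenticate()` calls `UserModel().set_password(password)` on an unsaved instance when the username is not found, so a `set_password()` override that calls `save()` writes a row on every failed login, or raises from `save()` when that method rejects the empty email. The following standard-library simulation is an added example, not part of the original thread or the project's code; `DB`, `SafeUser`, `SavingUser`, `authenticate` and `rows_after_failed_login` are hypothetical stand-ins for the user table, the models and the backend.

```python
import hashlib
from datetime import datetime, timezone

DB = {}  # constructed stand-in for the user table: username -> user


class SafeUser:
    """Hardened model: set_password() changes the instance and never saves."""

    def __init__(self, username=""):
        self.username, self.password = username, ""

    def set_password(self, raw):
        # Toy stand-in for Django's password hasher (constructed salt).
        self.password = hashlib.pbkdf2_hmac("sha256", raw.encode(), b"salt", 1000).hex()
        self.password_created_date = datetime.now(timezone.utc)

    def save(self):
        DB[self.username] = self


class SavingUser(SafeUser):
    """Pattern from the issue: set_password() also writes to the database."""

    def set_password(self, raw):
        super().set_password(raw)
        self.save()


def authenticate(user_model, username, password):
    """Mirrors the control flow of Django's ModelBackend.authenticate()."""
    user = DB.get(username)
    if user is None:
        # Django hashes once here to reduce the timing gap for unknown usernames.
        user_model().set_password(password)
        return None
    probe = SafeUser()
    probe.set_password(password)
    return user if user.password == probe.password else None


def rows_after_failed_login(user_model):
    """Usernames in the table after one login attempt with an unknown name."""
    DB.clear()
    alice = user_model("alice")
    alice.set_password("correct horse")
    alice.save()
    authenticate(user_model, "nobody", "guess")
    return sorted(DB)
```

With `SavingUser` the table gains a row with a blank username after the failed login; with `SafeUser` the caller that changes a password is responsible for calling `save()`.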
