garg3133 / JagratiWebApp

Official WebApp of Jagrati - An Initiative of IIITians
https://jagrati.iiitdmj.ac.in
MIT License

[bug]: form fields validation must be also done in backend #280

Open engineerscodes opened 3 years ago

engineerscodes commented 3 years ago

The issue is very simple: you must validate form data in the backend, not just in the front-end, e.g. the registration form. I could edit the HTML form, e.g. the email field: I changed it to text and removed the pattern HTML attribute. Check the image below. Screenshot (120)

Screenshot (121)

Please look into it.

Jagrati-Bot commented 3 years ago

Hi! Thanks for opening your first issue at JagratiWebApp :rocket: We really appreciate it. :raised_hands: Someone from our team will get back here soon.

engineerscodes commented 3 years ago

Look at this line: https://github.com/garg3133/JagratiWebApp/blob/92b70b4d11976dfe6364db12bc0454843b2168cc/accounts/views.py#L83

Before doing this you could do a regex check to see if it's a valid email address or not: https://github.com/garg3133/JagratiWebApp/blob/92b70b4d11976dfe6364db12bc0454843b2168cc/accounts/views.py#L106

garg3133 commented 3 years ago

Thanks, @engineerscodes for raising this issue. We should definitely validate the form in the backend. But I think a better place to validate the forms is forms.py and not views. Views should only contain the main backend logic.

We are trying to port our forms to Django forms, starting from issue #263, as the backend would definitely provide better form validation.

engineerscodes commented 3 years ago

Yes, you're right, I did not see the forms.py file; you could define clean and raise an error if it's not a valid email.

harshakhmk commented 3 years ago

@garg3133 he is mentioning this issue while creating a new user account, I guess, so we need a form there too. I would like to work on this.

engineerscodes commented 3 years ago

There is already a forms.py: https://github.com/garg3133/JagratiWebApp/blob/f28e7b87900df144a1a9a522ac23fc856137ac25/accounts/forms.py#L6 https://github.com/garg3133/JagratiWebApp/blob/f28e7b87900df144a1a9a522ac23fc856137ac25/accounts/forms.py#L7

garg3133 commented 3 years ago

Yeah, I guess I created this form to escape Django's password validation while creating a new user through Admin Portal (you can see this form is only used in accounts/admin.py).

I think we can just create a new form here, and use Django's password validation out-of-the-box and check the email against the Regex pattern in clean_email method.
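The approach agreed in this thread (re-validate every field on the server in a form class, check the email with a regex in `clean_email`, and apply password rules regardless of what the browser's HTML attributes said) as an added example. This is not the project's code and it deliberately imports no Django so it runs stand-alone: the `RegistrationForm` class, its `is_valid`/`cleaned_data`/`errors` shape and the `clean_<field>()` hook are a constructed stand-in that mirrors Django's `forms.Form` convention, and the email regex and the password rules are constructed stand-ins for Django's `EmailField` and its default password validators. In the real project the base class would be `django.forms.Form` and the error type `django.forms.ValidationError`.

```python
import re

# Constructed stand-in for Django's form-validation convention: every field is
# re-checked here on the server, so editing the HTML (changing type="email" to
# type="text", deleting the pattern attribute) cannot bypass the rules.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")

# Small constructed denylist; Django's CommonPasswordValidator ships a real one.
COMMON_PASSWORDS = {"password", "password1", "qwerty123", "letmein1"}


class ValidationError(ValueError):
    """Stand-in for django.forms.ValidationError."""


class RegistrationForm:
    """Minimal stand-in for django.forms.Form with the same clean_<field> hooks."""

    fields = ("email", "password1", "password2")

    def __init__(self, data):
        self.data = data or {}
        self.cleaned_data = {}
        self.errors = {}

    def is_valid(self):
        for field in self.fields:
            value = self.data.get(field)
            # Reject missing values and anything that is not a plain string
            # (a tampered client can post lists or other types).
            if not isinstance(value, str) or not value:
                self.errors[field] = "This field is required."
                continue
            self.cleaned_data[field] = value
            cleaner = getattr(self, f"clean_{field}", None)
            if cleaner is None:
                continue
            try:
                self.cleaned_data[field] = cleaner()
            except ValidationError as exc:
                self.cleaned_data.pop(field, None)
                self.errors[field] = str(exc)
        try:
            self.clean()
        except ValidationError as exc:
            self.errors["__all__"] = str(exc)
        return not self.errors

    def clean_email(self):
        # Normalise, then enforce the format server-side; this is the check the
        # thread asks for in place of trusting the browser's pattern attribute.
        email = self.cleaned_data["email"].strip().lower()
        if not EMAIL_RE.fullmatch(email):
            raise ValidationError("Enter a valid email address.")
        return email

    def clean_password1(self):
        # Rules modelled on Django's default AUTH_PASSWORD_VALIDATORS
        # (MinimumLength, NumericPassword, CommonPassword).
        password = self.cleaned_data["password1"]
        if len(password) < 8:
            raise ValidationError("Password must contain at least 8 characters.")
        if password.isdigit():
            raise ValidationError("Password cannot be entirely numeric.")
        if password.lower() in COMMON_PASSWORDS:
            raise ValidationError("Password is too common.")
        return password

    def clean(self):
        # Cross-field check: only meaningful when both passwords survived
        # their own cleaners.
        p1 = self.cleaned_data.get("password1")
        p2 = self.cleaned_data.get("password2")
        if p1 and p2 and p1 != p2:
            raise ValidationError("The two password fields do not match.")


if __name__ == "__main__":
    # Constructed submission as a tampered client could send it: the email
    # input was switched to type="text" and the pattern attribute removed.
    form = RegistrationForm({"email": "not an email",
                             "password1": "12345678", "password2": "12345678"})
    print(form.is_valid(), form.errors)
```

A view would then do the usual `if form.is_valid(): user = create_user(**form.cleaned_data)` and otherwise re-render with `form.errors`; the point is that the decision is made from `cleaned_data`, never from the raw POST body.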

harshakhmk commented 3 years ago

I would like to work on this @garg3133

vinayak3010 commented 4 months ago

Sir, I am a Django developer currently working on building REST APIs with Django and integrating them with a React frontend, so I would like to work on this if assigned.