Password widget and validation

[fcracker79]

Hi there,

I have a problem creating a signup form with form validation for a field which is a password field and numbers-only field. I have noticed that, if that field becomes valid, the validation message disappears, which does not happen for other fields. Basically, the ul element with classes djng-form-control-feedback djng-field-errors does not contain the li element for $valid for password fields. It seems to be that the incriminating piece of code (angular_validation.py) is the following:

if not isinstance(bound_field.field.widget, widgets.PasswordInput):
            # all valid fields shall display OK tick after changed into dirty state
            errors.append(SafeTuple((identifier, self.field_error_css_classes, '$dirty', '$valid', 'valid', '')))

Would not be better to control this behavior by CSS?

[fcracker79]

Alternatively, I would include the '$valid' li only if there are other validation rules.

[fcracker79]

I have the feeling that nobody is maintaining this stuff...

[jrief]

I don't get your point. Normally, if you log in somewhere and you have a wrong password, the app never tells you that only your password is wrong. You normally get something that the combination of your account name and the password is wrong, but you don't give a potential hacker a hint, what went wrong.

[fcracker79]

Thanks for your response. Actually I was not thinking about authentication, but user registration: in my case, the user has to specify a pin, which would be nice not to be shown while typing.

[fcracker79]

Hi there,

since I am not receiving any response, I have two alternatives:

1. Implement the fix on my own: I would do it if I knew that you might accept that change
2. Barely close the issue

Kind regards.

[jrief]

So, what you actually want is a field <input type="password" ... /> which behaves like a text field.

[fcracker79]

Well, yes, but just in terms of validation.

Since the typical usage of password fields is to specify a password for the login without any validation rule, the current behaviour is the right one. For this reason, it would be nice to keep the current behaviour unless specified. A solution would be to skip the $valid element if there is nothing to validate, that is, there is no such validation rule to apply. Alternatively, I might enable the $valid element by specifying it with some additional information in the password field. As a last resort, I might introduce a new CSS class that can be overridden to hide the $valid element. This solution, though, would change the behaviour,as I would expect it to be implemented as a CSS class where users put display: none if they want the current behaviour.

If you agree, I would go for the second solution. Please let me know if you agree.

P.S. Again, compliments for your project. When online, I will publicly declare its usage.

[fcracker79]

I have the feeling that this issue covers just my needs and not anyone else's. Just closing it.

Thanks for your time.