Open joemull opened 2 years ago
I feel like this issue is quite important and we should probably get a fix for this urgently. Dumping at the top of triage for comment on Thursday.
Backlog refinement:
This is tricky because if we make the change to fix it, it is possible that many things will break. So, it will be important to test it thoroughly. We need test cases that cover all the edge cases for account creation. We need to test with all possible combinations of account data.
As it will also affect importers, we need to investigate the places that the account model is used, and create additional issues in each repository that needs one.
Describe the bug It is possible to pass any string to the email field when importing account data (e.g. with
plugins/imports/articles/all
). Other fields are likely not being validated either. @mauromsl figured out that this was due to the AccountQuerySet class definition:Rather than
obj.clean()
it should haveobj.full_clean()
. This change has ramifications elsewhere, so other changes are going to be needed.Janeway version 1.4
To see evidence of this, look at how
test_bad_data
inplugins/imports/tests/test_utils.py
passes.