request unavailable during clean validation methods

pennersr / django-allauth

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

https://allauth.org

MIT License

9.43k stars 3.02k forks source link

request unavailable during clean validation methods #2941

Closed lmeyerov closed 1 year ago

lmeyerov commented 3 years ago

The current self.request is generally None during account adapter calls, which limits what is possible to do when putting in custom validators like clean_email(self, email). In our case, we were trying to pass through some anti-bot form data (request.POST.captcha) and include as part of the email validation, but could not.

The reason seems to be that the default form's get_adapter calls are invoked as get_adapter(request=None): https://github.com/pennersr/django-allauth/blob/353386216b79f16709e97bb487c0bbbba2bc0c71/allauth/account/forms.py#L344

lmeyerov commented 3 years ago

For posterity, this means you have to explicitly put such data into Django form model fields so they're part of cleaned_data, vs say request.headers or request.POST. More explicit/canonical Django that way:

class MyForm(SignupForm):

    xtra = CharField(widget=HiddenInput(), max_length=1024, required=False)

    def clean(self):
        cleaned_data = super().clean()
        clean_xtra(cleaned_data)
        return cleaned_data

derek-adair commented 1 year ago

@pennersr - probably close as won't fix / user should implement. BUT this may be an improvement... I am ignorant as to how this change would be made or what it would affect.

pennersr commented 1 year ago

These days, request is always available:

from allauth.core import context

def f_without_request():
   use(context.request)