Jun-13-2024, 08:39 AM
(Jun-12-2024, 08:01 PM)deanhystad Wrote: One at a time is fairly standard. As a user I don't want a message 10 lines long telling me everything I did wrong.
You can only raise one validation error, but the message can be as long as you want. Check everything, building your message for each problem, and if the message isn't empty, raise the ValidationError(composit_message).
```python
import re
from wtforms.validators import ValidationError


def validate_np(form, field):
    # Collect every problem, then raise a single combined error at the end.
    errors = []
    if form.un.data:
        if field.data in form.un.data.split("."):
            errors.append('New password cant contain firstname or lastname')
    if field.data == form.op.data:
        errors.append('New password cant match Current password')
    if len(field.data) < 12:
        errors.append('New password must be at least 12 characters')
    if not re.search(r"[0-9]", field.data):
        errors.append('New password has to contain one number')
    if not re.search(r"[a-z]", field.data):
        errors.append('New password has to contain one lower case character')
    if not re.search(r"[A-Z]", field.data):
        errors.append('New password has to contain one upper case character')
    if not re.search(r"[\`\¬\!\"\£\$\%\^\&\*\(\)\-\_\=\+\\\|\[\]\;\'\#\,\.\/\{\}\:\@\~\<\>\?]", field.data):
        errors.append('New password has to contain one special character')
    if not field.data == form.cnp.data:
        errors.append('New password has to match Confirm new password')
    if errors:
        # The exception has to be raised, not just constructed.
        raise ValidationError("\n".join(errors))
```
You could also block messages.
```python
def validate_np(form, field):
    if form.un.data:
        if field.data in form.un.data.split("."):
            raise ValidationError("Password cannot contain your first or last name")
    if field.data == form.op.data:
        raise ValidationError("New and old passwords cannot be the same.")
    if re.search(r"\s", field.data):
        raise ValidationError("Passwords cannot contain spaces.")
    if len(field.data) < 12:
        raise ValidationError("Passwords must be 12 or more characters long")
    # These are character type checks
    errors = []
    if not re.search(r"[a-z]", field.data):
        errors.append("lower case characters")
    if not re.search(r"[A-Z]", field.data):
        errors.append("upper case characters")
    if not re.search(r"[0-9]", field.data):
        errors.append("digits")
    if not re.search(r"[\`\¬\!\"\£\$\%\^\&\*\(\)\-\_\=\+\\\|\[\]\;\'\#\,\.\/\{\}\:\@\~\<\>\?]", field.data):
        errors.append("special characters")
    if errors:
        print(errors)
        if len(errors) > 1:
            message = f"Passwords must contain {', '.join(errors[:-1])} and {errors[-1]}."
        else:
            message = f"Passwords must contain {errors[0]}."
        raise ValidationError(message)
    if not field.data == form.cnp.data:
        raise ValidationError("Passwords do not match")
```
I think this message is misleading:
Quote: New password has to contain one upper case character
The validation checks if there are more than zero upper case characters, not if there is one upper case character. A better message:
Quote: New password must contain upper case characters
I would also leave off things like "New" and "Confirm"
Thanks deanhystad, I appreciate it!
I've noticed for "cant contain firstname or lastname", let's say you put "admin" in the username and in new password put in "admini": this is allowed.
Does my front end coding look OK to you?
Do I need this in it to make it secure?
{{ form.csrf_token }}
thanks,
rob
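Added example, not part of the thread: the name test in both validators above uses list membership (`field.data in form.un.data.split(".")`), which is true only when the password equals a whole name part, so "admini" passes for the username "admin". The sketch below contrasts that with a case-insensitive substring test; the function names, `MIN_PART_LEN` and the simplified special-character pattern are assumptions, and the sample values are constructed.

```python
import re

MIN_PART_LEN = 3  # assumption: skip initials and other very short name parts


def name_parts(username):
    """Lower-cased pieces of a 'first.last' username, short pieces dropped."""
    return [p for p in username.lower().split(".") if len(p) >= MIN_PART_LEN]


def exact_match_check(username, password):
    """The test used in the thread: true only when the password IS a name part."""
    return password in username.split(".")


def contains_name_part(username, password):
    """True when any name part appears anywhere in the password, any case."""
    lowered = password.lower()
    return any(part in lowered for part in name_parts(username))


def password_errors(username, old, new, confirm):
    """Collect every rule violation, as the first validator in the thread does."""
    errors = []
    if username and contains_name_part(username, new):
        errors.append("Password cannot contain your first or last name")
    if new == old:
        errors.append("New and old passwords cannot be the same")
    if len(new) < 12:
        errors.append("Passwords must be 12 or more characters long")
    # Simplified character classes (assumption): anything that is not a
    # letter, digit or whitespace counts as a special character.
    for pattern, label in ((r"[a-z]", "lower case characters"),
                           (r"[A-Z]", "upper case characters"),
                           (r"[0-9]", "digits"),
                           (r"[^A-Za-z0-9\s]", "special characters")):
        if not re.search(pattern, new):
            errors.append(f"Passwords must contain {label}")
    if new != confirm:
        errors.append("Passwords do not match")
    return errors


if __name__ == "__main__":
    # Constructed sample values, not taken from the thread's application.
    print(exact_match_check("admin", "admini"))
    print(contains_name_part("admin", "admini"))
    print(password_errors("jane.doe", "OldPassw0rd!x", "Jane2024!secret", "Jane2024!secret"))
```

Inside a WTForms validator, the returned list can be joined and raised as a single `ValidationError`, as in the first code block of the thread.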