Fixed #27807 -- Made username validation configurable through AUTH_USERNAME_VALIDATORS setting

[saykharng]

ticket-27807

Solution allows Username Validation to be configured through AUTH_USERNAME_VALIDATORS setting.
The setting follows similar approach to password validators with slight difference. Username Validator must be callable like core validators and requires a help_text method (returns a string explaining the requirement of validation).

• Added USERNAME_VALIDATORS config in settings.
• Username Validator should be callable, like core validators.
• Username Validator should have help_text() method, which is to display the requirement to the user.
• Added help_text method on UnicodeUsernameValidator and ASCIIUsernameValidator
• Added help_text method on UnicodeUsernameValidator and ASCIIUsernameValidator
• Added Username Validation page in docs/topics
• Added test in auth_tests

[jacobtylerwalls]

Hi Shekhar, another (prospective) first time Django contributor here. Thought I would help out a fellow first timer by commenting on your documentation.

[jacobtylerwalls]

Also, this would need a test that UnicodeUsernameValidator is correctly defaulted when settings are not provided, since this is what nearly all users will experience if this approach is implemented.

[saykharng]

Hi Shekhar, another (prospective) first time Django contributor here. Thought I would help out a fellow first timer by commenting on your documentation.
Hi Jacob, Thank you! I will go through each comment and make changes.

[saykharng]

Hi Shekhar, another (prospective) first time Django contributor here. Thought I would help out a fellow first timer by commenting on your documentation.

Hi Jacob, my sincere apologies on taking long time on this.

Currently, I am following the django core validators pattern where the validator should be callable. Therefore implementing validators with call method. Is this ok? or should I make it exactly like a password validators with validate() function and make necessary changes?

Please let me know.

[jacobtylerwalls]

Hi Shekhar!
Since this is a new feature, I think the next step is for you to post on django-developers to find consensus on the approach. See more here: https://docs.djangoproject.com/en/dev/internals/contributing/writing-code/submitting-patches/
Cheers, Jacob

[saykharng]

Hi Shekhar!
Since this is a new feature, I think the next step is for you to post on django-developers to find consensus on the approach. See more here: https://docs.djangoproject.com/en/dev/internals/contributing/writing-code/submitting-patches/
Cheers, Jacob

Thank you!

[saykharng]

Hi Shekhar!
Since this is a new feature, I think the next step is for you to post on django-developers to find consensus on the approach. See more here: https://docs.djangoproject.com/en/dev/internals/contributing/writing-code/submitting-patches/
Cheers, Jacob

Thank you!

I have opened a discussion but waiting on feedback.

[jacobtylerwalls]

heya @saykharng I have a few more suggestions on tests to include and some documentation fixes. I'll let a more experienced contributor mark this as ready for checkin once they've given it their own review 👍

[jacobtylerwalls]

Sorry this feedback has been so piecemeal, but I noticed a few more things when I looked again at this today. Lmk if you have any questions!

[saykharng]

heya @saykharng I have a few more suggestions on tests to include and some documentation fixes. I'll let a more experienced contributor mark this as ready for checkin once they've given it their own review 👍

Hi Jacob, thanks a lot for your feedback and sorry it's taking a while.

I have learned a lot about development and django by working on this feature. I have added few more test and made all the changes as suggested. Appreciate your time. :)

[jacobtylerwalls]

Happy to do it, @saykharng, I left a few more comments that might say "outdated" because they were made in between your force-pushes, but I gave them a quick scan and I think they're all still relevant.

Also, be careful about the files you check into the repo, I noticed you checked in a .swp file.

[saykharng]

Happy to do it, @saykharng, I left a few more comments that might say "outdated" because they were made in between your force-pushes, but I gave them a quick scan and I think they're all still relevant.

Also, be careful about the files you check into the repo, I noticed you checked in a .swp file.

Thank you!

• Fixed the docs based on comments (looking at a html page was much easier to find issue.)
• Removed username_validator variable
• Removed word 'English' from 'English letters' in UnicodeUsernameValidator

[smithdc1]

Not sure about the phrase 'English letters'. (As an English speaker this phrase makes me cringe. French, German, Spanish etc all use these characters as well, do folk who speak these languages really call this set of letters 'English'?)

Could be 'letters from the Latin alphabet'?

https://en.m.wikipedia.org/wiki/Latin_alphabet

[AntonOfTheWoods]

From my experience speaking those languages and as a native speaker of English, I also vote for 'letters from the Latin alphabet'. Some languages (like Chinese) tend to use "English" for everything to do with Europe, but none of the European languages I speak do in my experience!

[saykharng]

Thank you! I have made the changes as suggested.

[matthiask]

• I really like replacing "English" with "Latin alphabet"
• Maybe you could move the existing username validators to the username_validation module too since you have been inspired by the password_validation module (and of course leave backwards compatibility shims in django.contrib.auth.validators.) (Not important, just a suggestion.)

[matthiask]

I'm unsure whether there's a good reason for this validator, since django.core.validators.MinLengthValidator (https://docs.djangoproject.com/en/3.1/ref/validators/#minlengthvalidator) exists already.

I know there's a MinimumLengthValidator in the password_validation.py module but maybe that one is a bit redundant too.

[saykharng]

Thank you for the feedback. Apologies for extreme delay in response.

I have made suggested changes other than moving validators to username_validation.

[matthiask]

Use :class:`~django.contrib.auth.validators.UnicodeUsernameValidator` here

[saykharng]

Fixed

[matthiask]

"django." is missing

[saykharng]

Fixed

[matthiask]

":class:`~...`" again

[saykharng]

Fixed

[matthiask]

Spaces after : missing

[saykharng]

Fixed

[matthiask]

Strange line breaks

[saykharng]

Fixed

[jacobtylerwalls]

glad to see this moving along. some minor fixes after your last push.

[jacobtylerwalls]

username, not password. :-)

[saykharng]

glad to see this moving along. some minor fixes after your last push.

Thank you! that is so embarrassing. I actually read everything in the docs this time in html.

-- Fixed all the typos and the line break.
-- Added the new method help_text for Unicode and ASCII username validator in the docs
-- Added the UsernameMinimumLength validator in list of Validators as well.

[saykharng]

fixed.

[saykharng]

fixed.

[saykharng]

fixed.

[saykharng]

fixed.

[jacobtylerwalls]

Hi again. I think to move this forward what you likely need is proof that this has support to get into Django. I was glad to see you post on the mailing list when I suggested it in July, but perhaps the question you asked was so narrow it didn't introduce the subject properly.

I think you need to ask more broadly whether this feature should be fashioned after password validation with a dict of validators in global_settings.py, and if so, whether your implementation is on track, and further, whether it should be documented with an entire new page almost identical to the password validation page, or whether they should be integrated. One respondent on the ticket modeled an approach similar to yours, so that's promising.

Minor things to make this easier to review: please update the body of the description of the PR with the ticket number (ticket-27807), and make the PR title describe the approach you used, something like: "Made username validation configurable through AUTH_USERNAME_VALIDATORS setting"

Even if people end up suggesting a different approach, you will have still made a significant contribution in terms of putting forth a concrete approach for folks to look at. 👍

[saykharng]

Hi again. I think to move this forward what you likely need is proof that this has support to get into Django. I was glad to see you post on the mailing list when I suggested it in July, but perhaps the question you asked was so narrow it didn't introduce the subject properly.

I think you need to ask more broadly whether this feature should be fashioned after password validation with a dict of validators in global_settings.py, and if so, whether your implementation is on track, and further, whether it should be documented with an entire new page almost identical to the password validation page, or whether they should be integrated. One respondent on the ticket modeled an approach similar to yours, so that's promising.

Minor things to make this easier to review: please update the body of the description of the PR with the ticket number (ticket-27807), and make the PR title describe the approach you used, something like: "Made username validation configurable through AUTH_USERNAME_VALIDATORS setting"

Even if people end up suggesting a different approach, you will have still made a significant contribution in terms of putting forth a concrete approach for folks to look at. 👍

Thank you again. I have started a group conversation and updated the detail in PR as well. :)

[carltongibson]

Hi @saykharng. Thanks for the input here, but I think we have to close this as wontfix.

The suggested fix here adds a setting, as signal, and sub-api to validators — all of which are significant changes, and I think none of which are justified by the issues.

How do I customize username validation? First and foremost, it's not clear you should: UnicodeUsernameValidator is a good default. But if you want to, use a custom user model. If you can't do that, add the validation you want at the form level, or in clean(), or if you really must monkey patch the field in a ready() handler, and so on.

There are lots of option that don't need so much structure.

I hope that makes sense. I will update the ticket accordingly.

[saykharng]

Hi @saykharng. Thanks for the input here, but I think we have to close this as wontfix.

The suggested fix here adds a setting, as signal, and sub-api to validators — all of which are significant changes, and I think none of which are justified by the issues.

How do I customize username validation? First and foremost, it's not clear you should: UnicodeUsernameValidator is a good default. But if you want to, use a custom user model. If you can't do that, add the validation you want at the form level, or in clean(), or if you really must monkey patch the field in a ready() handler, and so on.

There are lots of option that don't need so much structure.

I hope that makes sense. I will update the ticket accordingly.

@carltongibson
Appreciate your time and thank you for the feedback.
I did learn a lot about Django, tests and documentation while working on it.

In future, I will open up discussion/share ideas earlier.

Regards
Shekhar