Validation utilities¶
To ease the process of validating user registration data,
django-registration
includes some validation-related data and
utilities in registration.validators
.
The available error messages are:
-
registration.validators.
DUPLICATE_EMAIL
¶ Error message raised by
RegistrationFormUniqueEmail
when the supplied email address is not unique.
-
registration.validators.
FREE_EMAIL
¶ Error message raised by
RegistrationFormNoFreeEmail
when the supplied email address is rejected by its list of free-email domains.
-
registration.validators.
RESERVED_NAME
¶ Error message raised by
ReservedNameValidator
when it is given a value that is a reserved name.
-
registration.validators.
TOS_REQUIRED
¶ Error message raised by
RegistrationFormTermsOfService
when the terms-of-service field is not checked.
All of these error messages are marked for translation; most have
translations into multiple languages already in
django-registration
.
Additionally, one custom validator is provided:
-
class
registration.validators.
ReservedNameValidator
¶ A custom validator (see Django’s validators documentation) which prohibits the use of a reserved name as the value.
By default, this validator is applied to the username field of
registration.forms.RegistrationForm
and all of its subclasses. The validator is applied in a form-levelclean()
method onRegistrationForm
, so to remove it (not recommended), simply subclassRegistrationForm
and overrideclean()
. For no custom form-level validation, you could simply implement it as:def clean(self): pass
If you want to supply your own custom list of reserved names, you can subclass
RegistrationForm
and set the attributereserved_names
to the list of values you want to disallow.Note
Why reserved names are reserved
Many Web applications enable per-user URLs (to display account information), and some may also create email addresses or even subdomains, based on a user’s username. While this is often useful, it also represents a risk: a user might register a name which conflicts with an important URL, email address or subdomain, and this might give that user control over it.
django-registration
includes a list of reserved names, and rejects them as usernames by default, in order to avoid this issue.The default list of reserved names, if you don’t specify one, is
DEFAULT_RESERVED_NAMES
. The validator will also reject any value beginning with the string".well-known"
(see RFC 5785).
Several constants are provided which are used by this validator:
-
registration.validators.
SPECIAL_HOSTNAMES
¶ A list of hostnames with reserved or special meaning (such as “autoconfig”, used by some email clients to automatically discover configuration data for a domain).
-
registration.validators.
PROTOCOL_HOSTNAMES
¶ A list of protocol-specific hostnames sites commonly want to reserve, such as “www” and “mail”.
-
registration.validators.
CA_ADDRESSES
¶ A list of email usernames commonly used by certificate authorities when verifying identity.
-
registration.validators.
NOREPLY_ADDRESSES
¶ A list of common email usernames used for automated messages from a Web site (such as “noreply” and “mailer-daemon”).
-
registration.validators.
SENSITIVE_FILENAMES
¶ A list of common filenames with important meanings, such that usernames should not be allowed to conflict with them (such as “favicon.ico” and “robots.txt”).
-
registration.validators.
OTHER_SENSITIVE_NAMES
¶ Other names, not covered by the above lists, which have the potential to conflict with common URLs or subdomains, such as “blog” and “docs”.
-
registration.validators.
DEFAULT_RESERVED_NAMES
¶ A list made of the concatentation of all of the above lists, used as the default set of reserved names for
ReservedNameValidator
.