Validation utilities¶

To ease the process of validating user registration data, django-registration includes some validation-related data and utilities in registration.validators.

The available error messages are:

registration.validators.DUPLICATE_EMAIL¶: Error message raised by RegistrationFormUniqueEmail when the supplied email address is not unique.

registration.validators.FREE_EMAIL¶: Error message raised by RegistrationFormNoFreeEmail when the supplied email address is rejected by its list of free-email domains.

registration.validators.RESERVED_NAME¶: Error message raised by ReservedNameValidator when it is given a value that is a reserved name.

registration.validators.TOS_REQUIRED¶: Error message raised by RegistrationFormTermsOfService when the terms-of-service field is not checked.

All of these error messages are marked for translation; most have translations into multiple languages already in django-registration.

Additionally, one custom validator is provided:

class registration.validators.ReservedNameValidator¶

A custom validator (see Django’s validators documentation) which prohibits the use of a reserved name as the value.

By default, this validator is applied to the username field of registration.forms.RegistrationForm and all of its subclasses. The validator is applied in a form-level clean() method on RegistrationForm, so to remove it (not recommended), simply subclass RegistrationForm and override clean(). For no custom form-level validation, you could simply implement it as:

def clean(self):
    pass

If you want to supply your own custom list of reserved names, you can subclass RegistrationForm and set the attribute reserved_names to the list of values you want to disallow.

Note

Why reserved names are reserved

Many Web applications enable per-user URLs (to display account information), and some may also create email addresses or even subdomains, based on a user’s username. While this is often useful, it also represents a risk: a user might register a name which conflicts with an important URL, email address or subdomain, and this might give that user control over it.

django-registration includes a list of reserved names, and rejects them as usernames by default, in order to avoid this issue.

The default list of reserved names, if you don’t specify one, is DEFAULT_RESERVED_NAMES. The validator will also reject any value beginning with the string ".well-known" (see RFC 5785).

Several constants are provided which are used by this validator:

registration.validators.SPECIAL_HOSTNAMES¶: A list of hostnames with reserved or special meaning (such as “autoconfig”, used by some email clients to automatically discover configuration data for a domain).

registration.validators.PROTOCOL_HOSTNAMES¶: A list of protocol-specific hostnames sites commonly want to reserve, such as “www” and “mail”.

registration.validators.CA_ADDRESSES¶: A list of email usernames commonly used by certificate authorities when verifying identity.

registration.validators.RFC_2142¶: A list of common email usernames specified by RFC 2142.

registration.validators.NOREPLY_ADDRESSES¶: A list of common email usernames used for automated messages from a Web site (such as “noreply” and “mailer-daemon”).

registration.validators.SENSITIVE_FILENAMES¶: A list of common filenames with important meanings, such that usernames should not be allowed to conflict with them (such as “favicon.ico” and “robots.txt”).

registration.validators.OTHER_SENSITIVE_NAMES¶: Other names, not covered by the above lists, which have the potential to conflict with common URLs or subdomains, such as “blog” and “docs”.

registration.validators.DEFAULT_RESERVED_NAMES¶: A list made of the concatentation of all of the above lists, used as the default set of reserved names for ReservedNameValidator.