From looking over the documentation, it seems that the form clean() method is only intended to do lightweight syntax-related validation, such as checking that an email address ends in “.com” or “.edu”, or ensuring that the user selects no more than three items from a “pick your top three favorite TV shows” list.
I’m working on an application that allows users to set their password and I want to make sure that their password doesn’t contain their login or their real name, and the clean() method doesn’t seem like the right place to do this kind of checking, both from a design standpoint and also from the practical limitation that the clean() method doesn’t have access to the session data.
Where is the best place to do more heavyweight validation? If I do some custom checking in the view after calling form.is_valid(), is there a way to get back to the standard form error handling?
I have an idea the code might look like this:
    def process_login(request):
        """Display or process the login form."""
        if request.method == 'POST':
            form = LoginForm(request.POST)
            if form.is_valid():
                password = form.cleaned_data['password']
                if password_is_bad(password, request):
                    # what now?
                    pass
There’re field-specific validation hooks too: clean_$fieldname. See details in this section of the Django docs.
Update: As for passing session info to form, this is easily done via attribute assignment:
then you can access self.session in clean_password method.
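The approach from the answer above, as an added example that is not part of the original thread: the session is attached to the form and `clean_password` rejects passwords containing the user's login or name. The form name `SetPasswordForm`, the helper `identity_terms_in_password`, the session keys `login` and `real_name`, and the three-character minimum are assumptions made for this illustration.

```python
import re

try:
    from django import forms
except ImportError:  # the helper below is plain Python and works without Django
    forms = None


def identity_terms_in_password(password, login, real_name):
    """Return the login / name parts (3+ chars) that occur in the password."""
    candidates = [login] + re.split(r"[\s.\-_']+", real_name or "")
    lowered = password.lower()
    found = []
    for term in candidates:
        term = (term or "").lower()
        if len(term) >= 3 and term in lowered and term not in found:
            found.append(term)
    return found


if forms is not None:
    class SetPasswordForm(forms.Form):
        password = forms.CharField(widget=forms.PasswordInput)

        def __init__(self, *args, session=None, **kwargs):
            super().__init__(*args, **kwargs)
            # Attribute assignment as in the answer, done in the constructor
            # so the form is never validated without a session attached.
            self.session = session if session is not None else {}

        def clean_password(self):
            password = self.cleaned_data["password"]
            # "login" and "real_name" are assumed session keys for this example.
            hits = identity_terms_in_password(
                password, self.session.get("login"), self.session.get("real_name"))
            if hits:
                raise forms.ValidationError(
                    "Password must not contain your login or real name.")
            return password

# In the view: form = SetPasswordForm(request.POST, session=request.session)
# A ValidationError raised in clean_password() makes form.is_valid() return
# False and is reported under form.errors["password"] like any field error.
```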