Do not strip password leading or trailing whitespaces

The default behavior of the CharField class in Django forms is to strip leading and trailing whitespaces from the input text - see https://docs.djangoproject.com/en/4.2/ref/forms/fields/#django.forms.CharField.strip. For authentication, this means that a user with a password containing leading or trailing whitespace is currently unable to log in via OMERO.web. This commit fixes the login form as well as the change password form to preserve leading/trailing passwords.
ome · Jan 22, 2025 · 4fc2c03 · 4fc2c03
1 parent 96d1138
commit 4fc2c03
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/omeroweb/webadmin/forms.py b/omeroweb/webadmin/forms.py
@@ -52,6 +52,7 @@ def __init__(self, *args, **kwargs):
         widget=forms.TextInput(attrs={"size": 22, "autofocus": "autofocus"}),
     )
     password = forms.CharField(
+        strip=False,
         widget=forms.PasswordInput(attrs={"size": 22, "autocomplete": "off"}),
     )
 
@@ -544,14 +545,17 @@ def clean_photo(self):
 
 class ChangePassword(forms.Form):
     old_password = forms.CharField(
+        strip=False,
         widget=forms.PasswordInput(attrs={"size": 30, "autocomplete": "off"}),
         label="Current password",
     )
     password = forms.CharField(
+        strip=False,
         widget=forms.PasswordInput(attrs={"size": 30, "autocomplete": "off"}),
         label="New password",
     )
     confirmation = forms.CharField(
+        strip=False,
         widget=forms.PasswordInput(attrs={"size": 30, "autocomplete": "off"}),
         label="Confirm password",
     )