Preview

Start a free Courses trial
to watch this video

Custom Field Validation

Name: Custom Field Validation
Uploaded: 2015-12-29T15:23:55Z
Duration: 436 s
Description: We can control how each field is cleaned by overriding a special method on our form class.

7:16 with Kenneth Love

We can control how each field is cleaned by overriding a special method on our form class.

Teacher's Notes
Video Transcript
Downloads

Fields still have validators, which we'll talk about in the next video, so you can't, for example, make an EmailField accept non-valid email addresses by overriding the clean_fieldname method for that field. Cleaning a field is for additional verification of the submitted data.

So our form is pretty much done. 0:00

So I think it would be a good idea to add a honeypot field to catch bots. 0:01

There are packages out there to handle this, 0:06

but I think that we can do it on our own. 0:07

Django gives us three types of special validation on forms. 0:09

We can validate the form as a whole. 0:13

We use this if we need to validate two or more fields in relation to each other, 0:16

like making sure that someone gives us either a phone number, 0:20

an email address or both. 0:23

We can validate individual fields with custom cleaning methods. 0:26

This is for slightly more complicated things than our next approach, but 0:29

this is where we're going to start. 0:33

And finally, we can use Django's built-in validators, or create our own. 0:35

Validators are functions that take a value and 0:40

return a specific error if the value is wrong. 0:42

We'll talk more about these in the next video. 0:45

You'll encounter field cleaning methods pretty often in the wild. 0:47

So, I want to start there. 0:50

Let's go make our honey pot and make sure that's empty. 0:52

So, we have a pretty cool form and view combo, right now. 0:55

Our view shows a form, they fill it in, we get an e-mail, 1:00

they get a message saying thank you, and everything just works really well. 1:04

So that's great. 1:09

But our form right now is maybe a little bit prone to abuse? 1:10

Or even less abuse, more just misuse. 1:16

We don't want to have spiders, bots coming along, filling out our form and 1:20

just sending us tons of junk submission, 1:25

especially ones that are comment bots like you find on blogs. 1:27

So, we need to prevent that. 1:33

And one of the cool ways, and fairly easy ways, to prevent that is you provide 1:34

a hidden input in an invisible field that normally is called a honey pot. 1:38

And if anythings in that honey pot then your like eh your probably a bot. 1:43

I'm not actually gonna submit your thing. 1:47

And we could do that in our view. 1:50

We could add a field and then check to make sure that the field was empty. 1:52

But that's a bad idea, because we have to remember to do it. 1:55

It makes more sense to do it in our form, and just have our form do it for us. 1:58

So let's add a new field that we'll call honeypot. 2:03

And you can call this pooh bear, or bees, or whatever you wanna call it. 2:07

And we're gonna make this a CharField, this doesn't really matter too much. 2:12

And we're gonna say required=False, for now. 2:17

We're gonna say required=False for now, 2:21

just because we want the field to be blankable. 2:23

We don't want anybody to have to actually fill anything in. 2:27

And then we're gonna specify a widget on it. 2:29

And widget is gonna be forms.hiddenInput. 2:33

And the label which is the text, if you look here this one says name. 2:39

By default it just takes this and capitalizes the first letter. 2:45

But we want to specify a custom label on this so 2:49

that humans if they ever see it know what to do with it. 2:51

And we'll just say leave empty. 2:54

All right. 2:57

So there we go. Let's go look at our form, and 2:58

we don't see leave empty. 3:03

But if we inspect it, and we look over here, 3:05

then now there is this new hidden field here called honeypot. 3:11

It doesn't print a label because it's hidden. 3:14

If were to change something. 3:18

If we were to change this somehow so 3:19

it wasn't hidden then that input would show up. 3:22

We don't want that input to show up though we want it to stay hidden. 3:25

So, having this hidden honeypot field doesn't actually make it to where our form 3:28

will fail validation if the honeypot's filled out. 3:33

We could go and submit this and say bot@example.com and 3:38

[SOUND] and then let's inspect. 3:45

We get into some browser trickery here, and, I'm gonna actually edit this. 3:49

I'm gonna add a new one, called value, and it's gonna be filled with bees. 3:56

And so now if I submit this it still goes through. 4:02

It still says thanks for your submission, or suggestion, sorry. 4:05

So, just having the honey pot didn't make us safer. 4:09

This is kinda long, I'm gonna break this down. 4:14

Sorry, okay. 4:26

I'm gonna stop messing with that. 4:27

So, how do we clean this up? 4:29

How do we handle that? 4:31

Well, we can override the cleaning method for this one individual field. 4:32

So, we can do def clean_honeypot and this will be the method that's called. 4:36

When django does the is valid, it basically runs through every single field 4:43

It looks for a clean, and then whatever the field's name is, 4:48

and runs that function, if it exists, that method. 4:52

And if it doesn't, it has a built in way of making sure, like, that a CharField, 4:55

that's not left as required false, actually has something in it. 4:59

That an email field is actually an email. 5:03

Things like that. 5:05

So, in this case, it'll look for this clean honey pot. 5:07

And since it now exists, it will run it. 5:09

So, what we wanna do is we wanna say that 5:12

honeypot equals self.cleaned_data honey pot. 5:15

Because we wanna ge the data that's in there. 5:21

And if there's any len to honeypot, 5:24

if there's anything at all in there, then we want to raise a validation error. 5:26

And we're gonna raise forms.ValidationError and 5:31

we're gonna say, honeypot should be left empty. 5:35

Bad bot! 5:40

Cuz it's probably a bot. 5:43

And then no matter what, we're going to return honeypot. 5:45

We have to send back the data. 5:48

Or really, we're sending back the form itself, but we definitely want, or 5:52

the field itself, but we have to send all that back. 5:55

Okay, cool. 5:58

So now, let's try this again. 5:59

We'll put in Bot, bot@example.com. 6:02

Put in some gobbledygook. 6:05

And then, I'm going to inspect my form, find my honeypot, edit. 6:09

Oops. 6:16

Add an attribute, value equals some binary. 6:21

All right, cool, and i'm gonna submit it. 6:27

Aha look at that. 6:30

Hidden, oops, hidden field honey pot. 6:31

Honey pot should be left empty, bad bot. 6:33

And our stuff is still filled in. 6:35

It didn't create a new email. 6:37

If we were to look in here in our suggestions folder. 6:39

It hasn't refreshed. 6:42

Woop. 6:46

Okay. So 6:47

we have two cuz I submitted one that says Kenneth and I submitted one that says Bot. 6:47

We don't have a third. 6:50

So that's the way that we can handle cleaning just one single field. 6:51

You can write a clean field method for any field in your form. 6:57

Like I said at the beginning of the video, 7:01

if you need to clean more than one field, and 7:03

their validation depends on each other, you'll want to clean the entire form. 7:04

We'll do that together in a later video. 7:08

Now though, 7:11

let's see how we can do this a little bit differently with a custom validator. 7:12

You need to sign up for Treehouse in order to download course files.

Django Forms

Custom Field Validation