Fix: Validate current_step on submit

[obarahona10]

Inspired by #224

[Copilot]

Pull request overview

Adds validation for the wizard management form’s current_step field to prevent tampered submissions from triggering server errors (aligning with django-formtools PR #224).

Changes:

• Add a wizard test asserting invalid current_step submissions return HTTP 400.
• Extend ManagementForm to validate current_step against the known wizard steps.
• Update wizard views to pass the step list into ManagementForm.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.

File	Description
tests/wizard/wizardtests/tests.py	Adds coverage for invalid current_step POST data returning 400.
formtools/wizard/views.py	Passes the wizard step list into ManagementForm during POST handling and context rendering.
formtools/wizard/forms.py	Implements current_step validation in ManagementForm.

Comments suppressed due to low confidence (2)

formtools/wizard/forms.py:20

• The ValidationError message here is user-facing if someone renders ManagementForm errors directly, but it's currently not marked for translation. Use Django's i18n utilities (e.g., gettext_lazy) for the error message to match the rest of the wizard’s translated strings.

            raise ValidationError("Invalid step name.")

tests/wizard/wizardtests/tests.py:77

• Test naming is inconsistent with the surrounding suite (nearby tests use the test_form_post_... prefix, e.g. test_form_post_mgmt_data_missing). Renaming this to follow the same pattern will make the suite easier to scan and keep reports grouped consistently.

    def test_invalid_current_step_data(self):
        wizard_step_data = self.wizard_step_data[0].copy()

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.