From 228e970c9ec6cfb502a9ef3e8e9a7af834963d21 Mon Sep 17 00:00:00 2001 From: Gabriel Detraz Date: Sun, 19 Apr 2020 22:14:38 +0200 Subject: [PATCH] Validate password using django settings password validator --- re2o/settings_local.example.py | 3 +++ users/forms.py | 23 ++++------------------- 2 files changed, 7 insertions(+), 19 deletions(-) diff --git a/re2o/settings_local.example.py b/re2o/settings_local.example.py index c4ec9ff2..7130a1f2 100644 --- a/re2o/settings_local.example.py +++ b/re2o/settings_local.example.py @@ -106,3 +106,6 @@ OPTIONNAL_APPS_RE2O = () # Some Django apps you want to add in you local project OPTIONNAL_APPS = OPTIONNAL_APPS_RE2O + () + +#Set auth password validator +AUTH_PASSWORD_VALIDATORS = [] diff --git a/users/forms.py b/users/forms.py index e4f39f10..8e946c23 100644 --- a/users/forms.py +++ b/users/forms.py @@ -38,6 +38,7 @@ from __future__ import unicode_literals from django import forms from django.forms import ModelForm, Form from django.contrib.auth.forms import ReadOnlyPasswordHashField +from django.contrib.auth.password_validation import validate_password from django.core.validators import MinLengthValidator from django.utils import timezone from django.utils.functional import lazy @@ -82,13 +83,11 @@ class PassForm(FormRevMixin, FieldPermissionFormMixin, forms.ModelForm): passwd1 = forms.CharField( label=_("New password"), max_length=255, - validators=[MinLengthValidator(8)], widget=forms.PasswordInput, ) passwd2 = forms.CharField( label=_("New password confirmation"), max_length=255, - validators=[MinLengthValidator(8)], widget=forms.PasswordInput, ) @@ -103,6 +102,7 @@ class PassForm(FormRevMixin, FieldPermissionFormMixin, forms.ModelForm): password2 = self.cleaned_data.get("passwd2") if password1 and password2 and password1 != password2: raise forms.ValidationError(_("The new passwords don't match.")) + validate_password(password1, user=self.instance) return password2 def clean_selfpasswd(self): @@ -131,13 +131,11 @@ class UserCreationForm(FormRevMixin, forms.ModelForm): password1 = forms.CharField( label=_("Password"), widget=forms.PasswordInput, - validators=[MinLengthValidator(8)], max_length=255, ) password2 = forms.CharField( label=_("Password confirmation"), widget=forms.PasswordInput, - validators=[MinLengthValidator(8)], max_length=255, ) is_admin = forms.BooleanField(label=_("Is admin")) @@ -167,6 +165,7 @@ class UserCreationForm(FormRevMixin, forms.ModelForm): password2 = self.cleaned_data.get("password2") if password1 and password2 and password1 != password2: raise forms.ValidationError(_("The passwords don't match.")) + validate_password(password1) return password2 def save(self, commit=True): @@ -424,14 +423,12 @@ class AdherentCreationForm(AdherentForm): required=False, label=_("Password"), widget=forms.PasswordInput, - #validators=[MinLengthValidator(8)], max_length=255, ) password2 = forms.CharField( required=False, label=_("Password confirmation"), widget=forms.PasswordInput, - #validators=[MinLengthValidator(8)], max_length=255, ) @@ -481,18 +478,6 @@ class AdherentCreationForm(AdherentForm): self.fields.pop("password1") self.fields.pop("password2") - def clean_password1(self): - """Ignore ce champs si la case init_password_by_mail est décochée""" - send_email = self.cleaned_data.get("init_password_by_mail") - if send_email: - return None - - password1 = self.cleaned_data.get("password1") - if len(password1) < 8: - raise forms.ValidationError(_("Password must contain at least 8 characters.")) - - return password1 - def clean_password2(self): """Verifie que password1 et 2 sont identiques (si nécessaire)""" send_email = self.cleaned_data.get("init_password_by_mail") @@ -504,7 +489,7 @@ class AdherentCreationForm(AdherentForm): password2 = self.cleaned_data.get("password2") if password1 and password2 and password1 != password2: raise forms.ValidationError(_("The passwords don't match.")) - + validate_password(password1) return password2 def save(self, commit=True):