brutasse / django-password-reset

Class-based views for password reset
https://django-password-reset.readthedocs.io
BSD 3-Clause "New" or "Revised" License

password validation support #45

Open g-k opened 8 years ago

g-k commented 8 years ago

It'd be good to support password-validation added in Django 1.9.

It's currently possible to reset passwords to one char (e.g. a), common passwords (e.g. abc123), and the username (e.g. username admin and password admin). Password validators could prevent this.

This is a difference with the builtin django.contrib.auth password reset on 1.9 (refs: https://github.com/brutasse/django-password-reset/issues/26).

tedgruenloh commented 7 years ago

I encountered this, and fixed it with a one-liner (if you don't count the corresponding import) in the clean_password2() function of PasswordResetForm. Hope this helps, and thanks for your work on this.

```python
from django.contrib.auth.password_validation import validate_password
validate_password(self.cleaned_data.get('password1'))
```