Fixed #25052; refs #16860 -- Added password validation to UserCreationForm.

2015-07-06 14:14:59 -04:00 · 2015-07-06 14:14:59 -04:00 · 774c16d16e
parent f5e9d67907
commit 774c16d16e
2 changed files with 23 additions and 0 deletions
--- a/django/contrib/auth/forms.py
+++ b/django/contrib/auth/forms.py
@ -86,6 +86,8 @@ class UserCreationForm(forms.ModelForm):
                self.error_messages['password_mismatch'],
                code='password_mismatch',
            )
+        self.instance.username = self.cleaned_data.get('username')
+        password_validation.validate_password(self.cleaned_data.get('password2'), self.instance)
        return password2

    def save(self, commit=True):
--- a/tests/auth_tests/test_forms.py
+++ b/tests/auth_tests/test_forms.py
@ -132,6 +132,27 @@ class UserCreationFormTest(TestDataMixin, TestCase):
        self.assertEqual(password_changed.call_count, 1)
        self.assertEqual(repr(u), '<User: jsmith@example.com>')

+    @override_settings(AUTH_PASSWORD_VALIDATORS=[
+        {'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'},
+        {'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', 'OPTIONS': {
+            'min_length': 12,
+        }},
+    ])
+    def test_validates_password(self):
+        data = {
+            'username': 'testclient',
+            'password1': 'testclient',
+            'password2': 'testclient',
+        }
+        form = UserCreationForm(data)
+        self.assertFalse(form.is_valid())
+        self.assertEqual(len(form['password2'].errors), 2)
+        self.assertIn('The password is too similar to the username.', form['password2'].errors)
+        self.assertIn(
+            'This password is too short. It must contain at least 12 characters.',
+            form['password2'].errors
+        )
+

@override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'])
 class AuthenticationFormTest(TestDataMixin, TestCase):