Reputation: 14280
Specify Minimum Password Length in Django Version <= 1.8?
Is it possible to enforce a minimum password length if you're using Django 1.8 or under when a user is changing their password? When a user creates their account in my website, I enforce a minimum password length using a custom validator in my signup form. However, when a user wants to change their password, I call Django's auth_views.password_change method which specifies the form and validation criteria used.
# account/urls.py
from django.conf.urls import url
from django.contrib.auth import views as auth_views
urlpatterns = [
...
url(r'^password_change/$',
auth_views.password_change,
{'template_name': 'password_change_form.html'},
name='password_change'),
...
]
Since I'm not validating their new password, users will be able to change it to one that doesn't meet my minimum length criteria. Is there any way to do this validation other than monkey-patching? This Stackover question discusses an approach that works, but it's for the situation where you're implementing authentication whereas I'm only allowing an authenticated user to change their existing password. I know Django 1.9 will provide this ability via an AUTH_PASSWORD_VALIDATORS setting but I won't have time to upgrade to 1.9 before my site goes live.
Upvotes: 1
Views: 729
Answers (1)
Reputation: 719
You can customize the default PasswordChangeForm form and pass password_change_form extra options to view functions through url to point to your CustomPasswordChangeForm form rather the default one.
from django.contrib.auth.forms import PasswordChangeForm
class CustomPasswordChangeForm(PasswordChangeForm):
"""
A Custom PasswordChangeForm for minimum password length validation.
"""
def clean_new_password1(self):
"""
Validates that the new_password1.
"""
password = self.cleaned_data.get('new_password1')
# Add your custom validation
if len(password) < 8:
raise ValidationError('Password too short')
return password
And change the url:
from django.conf.urls import url
from django.contrib.auth import views as auth_views
from _where_ import CustomPasswordChangeForm #import the CustomPasswordChangeFormform
urlpatterns = [
...
url(r'^password_change/$',
auth_views.password_change,
{'template_name': 'password_change_form.html', 'password_change_form': CustomPasswordChangeForm},
name='password_change'),
...
]
Upvotes: 1
Related Questions
- Change username max_length in Django 1.11 (django.contrib.auth)
- How can I set a minimum password length when using the built-in Django auth module?
- How do I get rid of the password constraints (eg. password has to be 8 characters, password can't be too similar to username, etc.) in django
- Django auth: increasing max username length
- How to set minimum number of characters for user password in django-allauth
- Minimum length in password for django form
- unexpected keyword argument 'max_length' in AUTH_PASSWORD_VALIDATORS
- Enforcing a min length in Django password
- Django fail to raise an error when a minimum length password is required
- Django -- Password Clean fails when min_length is set