Commit c86e7540 authored by Birin Sanchez's avatar Birin Sanchez

Use same password restrictions across registration and password reset forms.
Signed-off-by: Birin Sanchez's avatarBirin Sanchez <birin.sanchez@puri.sm>
parent 29cb2ee2
Pipeline #13471 passed with stage
in 37 seconds
......@@ -25,8 +25,9 @@ from ldapregister.views import LdhLoginView
from cart.views import CartRegistrationView
from purist.views import Recovery, PasswordChange, \
PasswordChangeDone, ProfileConfigureView
PasswordChangeDone, ProfileConfigureView, RecoveryPasswordReset
from invitation.views import InvitationRegistrationView
from password_reset.views import reset_done, recover_done
#
# Set admin titles for this site
......@@ -53,12 +54,18 @@ urlpatterns = [
ProfileConfigureView.as_view(), name='profile_configure'),
# url(r'^accounts/register/$', RegistrationView.as_view(form_class=RegistrationForm), name='registration_register'),
url(r'^accounts/login/$', LdhLoginView.as_view(), name='auth_login'),
url(r'^accounts/recover/$', Recovery.as_view(), name='password_reset_recover'),
url(r'^accounts/recover/(?P<signature>.+)/$', recover_done,
name='password_reset_sent'),
url(r'^accounts/recover/$', Recovery.as_view(),
name='password_reset_recover'),
url(r'^accounts/reset/done/$', reset_done, name='password_reset_done'),
url(r'^accounts/reset/(?P<token>[\w:-]+)/$',
RecoveryPasswordReset.as_view(),
name='password_reset_reset'),
url(r'^accounts/password_change/$', PasswordChange.as_view(),
name='password_change'),
url(r'^accounts/password_change_done/$', PasswordChangeDone.as_view(),
name='password_change_done'),
url(r'^accounts/', include('password_reset.urls')),
url(r'^accounts/', include('registration.backends.simple.urls')),
url(r'^download/', include('django_agpl.urls')),
url(r'^jslicense/$', purist.views.jslicense, name='jslicense'),
......
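Review bot: Nothing in the urlpatterns hunk records that the new `password_reset_reset` route only takes effect because it is listed before `include('password_reset.urls')`, and that `accounts/reset/done/` has to stay above the token pattern because `done` also matches `[\w:-]+`. If a later edit reorders these entries, the include would presumably resolve the reset URL to the upstream view again, and the reset form would skip the password validators without raising any error. I would add a comment above the block, for example `# Must precede include('password_reset.urls'): overrides the stock reset view so AUTH_PASSWORD_VALIDATORS apply`, and a short one on the `reset/done/` line noting the ordering dependency. The urlpatterns list starts and ends outside the hunk.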
import logging
import re
from django.conf import settings
from django.contrib.auth.password_validation import MinimumLengthValidator as BaseValidator
from django.utils.translation import ugettext_lazy as _
from django_auth_ldap.backend import LDAPBackend as BaseBackend
from django.core.exceptions import ValidationError
from woocommerce import API as WOOCOMMERCE_API
from .models import User, UsernameValidator
......@@ -101,3 +103,13 @@ class PassphraseValidator(BaseValidator):
def get_help_text(self):
return _("A good passphrase is made of at least three long words.")
def validate(self, password, user=None):
super(PassphraseValidator, self).validate(password, user)
pattern = r'[\\\'\"]'
result = re.search(pattern, password)
if result is not None:
raise ValidationError(
_('\\ \' and \" are not valid characters'),
code='invalid_character',
)
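Review bot: `validate()` now rejects backslash and both quote characters, but `get_help_text()` directly above still only describes three long words, so a user learns about the restriction only after a failed submit. Extending the hint, e.g. `return _("A good passphrase is made of at least three long words and contains no \\, ' or \" characters.")`, keeps the form text and the validator in agreement. The hunk gives no reason for excluding these characters. If it works around a consumer that does not escape the password (not visible here), a comment naming that consumer would help, since the durable fix belongs there rather than in a narrower password alphabet. The class starts outside the hunk.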
......@@ -5,8 +5,10 @@ from django.utils.translation import ugettext_lazy as _
from django.contrib.auth.forms import PasswordChangeForm \
as BasePasswordChangeForm
from django.contrib.auth import authenticate
from django.contrib.auth.password_validation import validate_password
from password_reset.forms import PasswordRecoveryForm \
as BasePasswordRecoveryForm
from password_reset.forms import PasswordResetForm as BasePasswordResetForm
from .models import User
from captcha.fields import CaptchaField
......@@ -52,6 +54,17 @@ class CaptchaPasswordRecoveryForm(PasswordRecoveryForm):
)
class RecoveryPasswordResetForm(BasePasswordResetForm):
def __init__(self, *args, **kwargs):
super(RecoveryPasswordResetForm, self).__init__(*args, **kwargs)
self.fields['password1'] = forms.CharField(
label=_('New password'),
widget=forms.PasswordInput,
validators=[validate_password],
)
class PasswordChangeForm(BasePasswordChangeForm):
# Override clean_old_password() to use authenticate which uses
......
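Review bot: Passing `validate_password` through `validators=[...]` on `password1` calls it with the value only, so `user` is `None` and any configured validator that compares the password with the account (for example `UserAttributeSimilarityValidator`) has nothing to check against during a reset. Registration and reset can therefore still differ when such a validator is enabled. If the base form keeps the account on the instance (its `__init__` is not visible here), validating in a `clean_password1` method with `validate_password(password, self.user)` would close that gap and avoid rebuilding the field in `__init__`. A one-line class docstring stating why `password1` is overridden would also help the next reader.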
......@@ -5,11 +5,11 @@ from rest_framework.views import APIView
from rest_framework.response import Response
from rest_framework import permissions
from django.http import Http404, FileResponse
from password_reset.views import Recover
from password_reset.views import Recover, Reset
from .serializers import UserSerializer
from .forms import CaptchaPasswordRecoveryForm, PasswordChangeForm, \
ProfileConfigureForm
ProfileConfigureForm, RecoveryPasswordResetForm
from django.contrib.auth.mixins import LoginRequiredMixin
from django.contrib.auth.views import PasswordChangeView \
as BasePasswordChangeView
......@@ -41,6 +41,10 @@ class Recovery(Recover):
search_fields = ['username']
class RecoveryPasswordReset(Reset):
form_class = RecoveryPasswordResetForm
class PasswordChangeDone(BasePasswordChangeDoneView):
template_name = 'purist/change_password_done.html'
......