Merge 8f47bc9d14 into cdd04aa9be

2025-06-29 17:13:03 +03:00 · 2022-03-16 12:44:05 -06:00 · 2022-03-16 12:44:05 -06:00 · daeb02670f
commit daeb02670f
parent cdd04aa9be 8f47bc9d14
2 changed files with 40 additions and 1 deletions
--- a/rest_auth/registration/serializers.py
+++ b/rest_auth/registration/serializers.py
@ -1,3 +1,4 @@
+from django.core.exceptions import ValidationError as DjangoValidationError
 from django.http import HttpRequest
 from django.utils.translation import ugettext_lazy as _
 from django.contrib.auth import get_user_model
@ -207,7 +208,14 @@ class RegisterSerializer(serializers.Serializer):
        adapter = get_adapter()
        user = adapter.new_user(request)
        self.cleaned_data = self.get_cleaned_data()
-        adapter.save_user(request, user, self)
+        user = adapter.save_user(request, user, self, commit=False)
+        try:
+            adapter.clean_password(self.cleaned_data['password1'], user=user)
+        except DjangoValidationError as exc:
+            raise serializers.ValidationError(
+                detail=serializers.as_serializer_error(exc)
+            )
+        user.save()
        self.custom_signup(request, user)
        setup_user_email(request, user, [])
        return user
--- a/rest_auth/tests/test_api.py
+++ b/rest_auth/tests/test_api.py
@ -245,6 +245,17 @@ class APIBasicTests(TestsMixin, TestCase):
        # send empty payload
        self.post(self.password_change_url, data={}, status_code=400)

+    @override_settings(AUTH_PASSWORD_VALIDATORS=[
+        {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'}
+    ])
+    def test_password_change_honors_password_validators(self):
+        login_payload = {"username": self.USERNAME, "password": self.PASS}
+        get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
+        self.post(self.login_url, data=login_payload, status_code=200)
+        self.token = self.response.json['key']
+        new_password_payload = {"new_password1": 123, "new_password2": 123}
+        self.post(self.password_change_url, data=new_password_payload, status_code=400)
+
    @override_settings(OLD_PASSWORD_FIELD_ENABLED=True)
    def test_password_change_with_old_password(self):
        login_payload = {
@ -360,6 +371,20 @@ class APIBasicTests(TestsMixin, TestCase):
        self.post(self.password_reset_url, data=payload, status_code=200)
        self.assertEqual(len(mail.outbox), mail_count)

+    @override_settings(AUTH_PASSWORD_VALIDATORS=[
+        {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'}
+    ])
+    def test_password_reset_honors_password_validators(self):
+        user = get_user_model().objects.create_user(self.USERNAME, self.EMAIL, self.PASS)
+        url_kwargs = self._generate_uid_and_token(user)
+        data = {
+            'new_password1': 123,
+            'new_password2': 123,
+            'uid': force_text(url_kwargs['uid']),
+            'token': url_kwargs['token']
+        }
+        self.post(reverse('rest_password_reset_confirm'), data=data, status_code=400)
+
    def test_user_details(self):
        user = get_user_model().objects.create_user(self.USERNAME, self.EMAIL, self.PASS)
        payload = {
@ -407,6 +432,12 @@ class APIBasicTests(TestsMixin, TestCase):
        self._login()
        self._logout()

+    @override_settings(AUTH_PASSWORD_VALIDATORS=[
+        {'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator'}
+    ])
+    def test_registration_honors_password_validators(self):
+        self.post(self.register_url, data=self.REGISTRATION_DATA, status_code=400)
+
    @override_settings(REST_AUTH_REGISTER_PERMISSION_CLASSES=(CustomPermissionClass,))
    def test_registration_with_custom_permission_class(self):