From de0b2d5028e22caefcb20ab109603278131da630 Mon Sep 17 00:00:00 2001 From: Daniel Gilge <33256939+dgilge@users.noreply.github.com> Date: Sat, 10 Nov 2018 19:05:24 +0100 Subject: [PATCH 1/3] Make signup honor AUTH_PASSWORD_VALIDATORS --- rest_auth/registration/serializers.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/rest_auth/registration/serializers.py b/rest_auth/registration/serializers.py index 4f99c18..9dc6f3a 100644 --- a/rest_auth/registration/serializers.py +++ b/rest_auth/registration/serializers.py @@ -1,3 +1,4 @@ +from django.core.exceptions import ValidationError as DjangoValidationError from django.http import HttpRequest from django.utils.translation import ugettext_lazy as _ from django.contrib.auth import get_user_model @@ -207,7 +208,12 @@ class RegisterSerializer(serializers.Serializer): adapter = get_adapter() user = adapter.new_user(request) self.cleaned_data = self.get_cleaned_data() - adapter.save_user(request, user, self) + user = adapter.save_user(request, user, self, commit=False) + try: + adapter.clean_password(self.cleaned_data['password1'], user=user) + except DjangoValidationError as e: + raise serializers.ValidationError(e.messages) + user.save() self.custom_signup(request, user) setup_user_email(request, user, []) return user From c0d3debe4ca8c333ed40eb15b7c774c80171802b Mon Sep 17 00:00:00 2001 From: Daniel <33256939+dgilge@users.noreply.github.com> Date: Sat, 10 Nov 2018 22:14:31 +0100 Subject: [PATCH 2/3] Add tests --- rest_auth/tests/test_api.py | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/rest_auth/tests/test_api.py b/rest_auth/tests/test_api.py index 9c5fd9e..94ec0c4 100644 --- a/rest_auth/tests/test_api.py +++ b/rest_auth/tests/test_api.py @@ -245,6 +245,17 @@ class APIBasicTests(TestsMixin, TestCase): # send empty payload self.post(self.password_change_url, data={}, status_code=400) + @override_settings(AUTH_PASSWORD_VALIDATORS=[ + {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'} + ]) + def test_password_change_honors_password_validators(self): + login_payload = {"username": self.USERNAME, "password": self.PASS} + get_user_model().objects.create_user(self.USERNAME, '', self.PASS) + self.post(self.login_url, data=login_payload, status_code=200) + self.token = self.response.json['key'] + new_password_payload = {"new_password1": 123, "new_password2": 123} + self.post(self.password_change_url, data=new_password_payload, status_code=400) + @override_settings(OLD_PASSWORD_FIELD_ENABLED=True) def test_password_change_with_old_password(self): login_payload = { @@ -360,6 +371,20 @@ class APIBasicTests(TestsMixin, TestCase): self.post(self.password_reset_url, data=payload, status_code=200) self.assertEqual(len(mail.outbox), mail_count) + @override_settings(AUTH_PASSWORD_VALIDATORS=[ + {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'} + ]) + def test_password_reset_honors_password_validators(self): + user = get_user_model().objects.create_user(self.USERNAME, self.EMAIL, self.PASS) + url_kwargs = self._generate_uid_and_token(user) + data = { + 'new_password1': 123, + 'new_password2': 123, + 'uid': force_text(url_kwargs['uid']), + 'token': url_kwargs['token'] + } + self.post(reverse('rest_password_reset_confirm'), data=data, status_code=400) + def test_user_details(self): user = get_user_model().objects.create_user(self.USERNAME, self.EMAIL, self.PASS) payload = { @@ -407,6 +432,12 @@ class APIBasicTests(TestsMixin, TestCase): self._login() self._logout() + @override_settings(AUTH_PASSWORD_VALIDATORS=[ + {'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator'} + ]) + def test_registration_honors_password_validators(self): + self.post(self.register_url, data=self.REGISTRATION_DATA, status_code=400) + @override_settings(REST_AUTH_REGISTER_PERMISSION_CLASSES=(CustomPermissionClass,)) def test_registration_with_custom_permission_class(self): From 8f47bc9d14aec9a1ed495a13ef333e676489d4eb Mon Sep 17 00:00:00 2001 From: Daniel Gilge <33256939+dgilge@users.noreply.github.com> Date: Wed, 21 Nov 2018 10:41:00 +0100 Subject: [PATCH 3/3] Add as_serializer_error for consistent error messages --- rest_auth/registration/serializers.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/rest_auth/registration/serializers.py b/rest_auth/registration/serializers.py index 9dc6f3a..2271f1e 100644 --- a/rest_auth/registration/serializers.py +++ b/rest_auth/registration/serializers.py @@ -211,8 +211,10 @@ class RegisterSerializer(serializers.Serializer): user = adapter.save_user(request, user, self, commit=False) try: adapter.clean_password(self.cleaned_data['password1'], user=user) - except DjangoValidationError as e: - raise serializers.ValidationError(e.messages) + except DjangoValidationError as exc: + raise serializers.ValidationError( + detail=serializers.as_serializer_error(exc) + ) user.save() self.custom_signup(request, user) setup_user_email(request, user, [])