Merge pull request #27 from thapabishwa/feature/update_password_valid…

…ation Strengthen the password validator by using it in the APIView
anexia-it · Mar 24, 2019 · abde4b0 · abde4b0
2 parents 3bcd52a + b3bdc8e
commit abde4b0
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 13 deletions.
diff --git a/django_rest_passwordreset/serializers.py b/django_rest_passwordreset/serializers.py
@@ -1,5 +1,3 @@
-from django.contrib.auth.password_validation import validate_password
-from django.core.exceptions import ValidationError
 from django.utils.translation import ugettext_lazy as _
 
 from rest_framework import serializers
@@ -11,12 +9,4 @@ class EmailSerializer(serializers.Serializer):
 
 class PasswordTokenSerializer(serializers.Serializer):
     password = serializers.CharField(label=_("Password"), style={'input_type': 'password'})
-    token = serializers.CharField()
-
-    def validate_password(self, password):
-        try:
-            validate_password(password)
-        except ValidationError as e:
-            raise serializers.ValidationError(e.messages)
-
-        return password
+    token = serializers.CharField()
diff --git a/django_rest_passwordreset/views.py b/django_rest_passwordreset/views.py
@@ -1,9 +1,11 @@
 from datetime import timedelta
 from django.contrib.auth import get_user_model
+from django.core.exceptions import ValidationError
+from django.contrib.auth.password_validation import validate_password, get_password_validators
 from django.utils.translation import ugettext_lazy as _
 from django.utils import timezone
-
-from rest_framework import status
+from django.conf import settings
+from rest_framework import status, serializers
 from rest_framework.exceptions import ValidationError
 from rest_framework.generics import GenericAPIView
 from rest_framework.response import Response
@@ -49,6 +51,11 @@ def post(self, request, *args, **kwargs):
         # change users password
         if reset_password_token.user.has_usable_password():
             pre_password_reset.send(sender=self.__class__, user=reset_password_token.user)
+            try:
+                validate_password(password, user=reset_password_token.user, password_validators=get_password_validators(settings.AUTH_PASSWORD_VALIDATORS))
+            except ValidationError as e:
+                raise serializers.ValidationError(e.messages)
+
             reset_password_token.user.set_password(password)
             reset_password_token.user.save()
             post_password_reset.send(sender=self.__class__, user=reset_password_token.user)