Implement minimum length for passwords in account creation

contentcuration/contentcuration/forms.py

@@ -9,6 +9,7 @@
 from django.core import signing
 from django.db.models import Q
 from django.template.loader import render_to_string
+from django.core.exceptions import ValidationError
 
 from contentcuration.models import User
 
@@ -49,6 +50,15 @@ def clean_email(self):
         if User.objects.filter(Q(is_active=True) | Q(deleted=True), email__iexact=email).exists():
             raise UserWarning
         return email
+
+    def clean_password1(self):
+        print(self.cleaned_data['password1'],"Hello ji 2")
+        password1 = self.cleaned_data['password1']
+        if len(password1) < 8:
+            # raise ValidationError()
+            raise ValidationError("Password must be at least 8 characters long.", code='password_too_short')
+            # raise UserWarning
+        return password1
 
     def clean(self):
         super(RegistrationForm, self).clean()

contentcuration/contentcuration/frontend/accounts/pages/Create.vue

@@ -51,6 +51,8 @@
         <PasswordField
           v-model="form.password1"
           :label="$tr('passwordLabel')"
+
+          :error-messages="password1Errors"
         />
         <PasswordField
           v-model="form.password2"
@@ -241,6 +243,9 @@
       passwordConfirmRules() {
         return [value => (this.form.password1 === value ? true : this.$tr('passwordMatchMessage'))];
       },
+      // passwordValidationRules() {
+      //   return [value =>(value.length >= 8 ? true : this.$tr('passwordValidationMessage'))];
+      // },
       tosAndPolicyRules() {
         return [value => (value ? true : this.$tr('ToSRequiredMessage'))];
       },
@@ -433,7 +438,10 @@
             .catch(error => {
               if (error.message === 'Network Error') {
                 this.$refs.top.scrollIntoView({ behavior: 'smooth' });
-              } else if (error.response.status === 403) {
+              } else if (error.response.status === 400) {
+                this.password1Errors = [this.$tr('passwordValidationMessage')];
+              }
+              else if (error.response.status === 403) {
                 this.emailErrors = [this.$tr('emailExistsMessage')];
               } else if (error.response.status === 405) {
                 this.$router.push({ name: 'AccountNotActivated' });
@@ -465,6 +473,7 @@
       passwordLabel: 'Password',
       confirmPasswordLabel: 'Confirm password',
       passwordMatchMessage: "Passwords don't match",
+      passwordValidationMessage: "Password should be at least 8 characters long",
 
       // Usage question
       usageLabel: 'How do you plan on using Kolibri Studio (check all that apply)',

contentcuration/contentcuration/views/users.py

@@ -9,7 +9,7 @@
 from django.contrib.auth.views import PasswordResetView
 from django.contrib.sites.models import Site
 from django.contrib.sites.shortcuts import get_current_site
-from django.core.exceptions import PermissionDenied
+from django.core.exceptions import PermissionDenied, ValidationError
 from django.core.mail import send_mail
 from django.http import HttpResponse
 from django.http import HttpResponseBadRequest
@@ -162,13 +162,22 @@ class UserRegistrationView(RegistrationView):
     http_method_names = ["post"]
 
     def post(self, request):
+        print("Hello ji")
         data = json.loads(request.body)
         form = self.form_class(data)
         try:
             # Registration is valid or user hasn't set account up (invitation workflow)
             if form.is_valid():
                 self.register(form)
                 return HttpResponse()
+
+            # Password validation failed response
+            # if 'password1' in form.errors.keys():
+            #     password_errors = form.errors['password1']
+            #     print(password_errors, "Print")
+            #     return HttpResponseBadRequest(
+            #         status=400, reason="Password should be at least 8 characters long."
+            #     )
 
             # Legacy handle invitations where users haven't activated their accounts
             inactive_user = User.get_for_email(data['email'], is_active=False, password='')
@@ -188,8 +197,22 @@ def post(self, request):
                 return HttpResponseBadRequest(
                     status=405, reason="Account hasn't been activated"
                 )
-            return HttpResponseBadRequest()
-        except UserWarning:
+
+            # if form._errors["password1"]:
+            #     password_errors = form.errors['password1']
+            #     print(password_errors, form._errors["password1"], "Print3")
+            #     return HttpResponseBadRequest(
+            #         status=400, reason="Password should be at least 8 characters long."
+            #     )
+            return HttpResponseBadRequest()     
+        except ValidationError:
+            print("Hello ji 3")
+            # if form.errors["password1"]:
+            #     password_errors = form.errors['password1']
+            #     print(password_errors, form._errors["password1"], "Print2")
+            #     return HttpResponseBadRequest(
+            #         status=400, reason="Password should be at least 8 characters long."
+            #     )
             return HttpResponseForbidden()
 
     def send_activation_email(self, user):