#35693: Password validators aren't callable
-------------------------------------+-------------------------------------
Reporter: iamkorniichuk | Owner: Antoliny
Type: | Status: assigned
Cleanup/optimization |
Component: contrib.auth | Version: dev
Severity: Normal | Resolution:
Keywords: validators password | Triage Stage: Accepted
callable |
Has patch: 1 | Needs documentation: 1
Needs tests: 1 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Antoliny):
If we provide {{{.__call__}}} magic method to the password validator
class, it can be used like a regular validator class.
{{{
# password_validation.py
class CommonPasswordValidator:
def __call__(self, *args, **kwargs):
return self.validate(*args, **kwargs)
# views.py
from django import forms
from django.contrib.auth.password_validation import
CommonPasswordValidator
valid_common_password = CommonPasswordValidator()
class TestForm(forms.Form):
email = forms.EmailField()
password = forms.CharField(validators=[valid_common_password])
>>> form = TestForm(data={"email":"[email protected]",
"password":"1234"})
>>> form.is_valid()
False
>>> form.errors
{'password': ['This password is too common.']}
}}}
However, unlike the general validation class, the password validation
requires two arguments for verification. (password, user)
{{{
def validate_password(password, user=None, password_validators=None):
...
for validator in password_validators:
try:
validator.validate(password, user)
}}}
Fortunately, the validation class validate method specifies the default
value of the user argument to None, so there is no problem calling it, but
I don't know if __call__ is required for classes such as
UserAttributeSimilarityValidator because the validate is terminated when
the user argument does not exist.
I think it's a good way to add {{{.__call__}}}magic method to the password
validation class, but there are questions as above. I'm sorry, but could
you please review it again?
--
Ticket URL: <https://code.djangoproject.com/ticket/35693#comment:5>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/010701935c7409be-dc51b3a8-c143-4a14-b7fd-a4cadb1c6130-000000%40eu-central-1.amazonses.com.
