On 6/02/2019 6:32 pm, Mike Dewhirst wrote:
On 6/02/2019 5:15 pm, 'Amitesh Sahay' via Django users wrote:
I have an existing django views.py where I have some password,
username, and email validation logic applied. However, going forward
I need to apply more advanced password validation. for e.g. password
length limitation, uppercase sensitivity etc. I have a code written
for advanced validation, but I am not able to apply them to my
existing views.py.
You appear to be avoiding Django forms. Conventional wisdom says the
best reason for using forms is to employ the built-in validation like
this ...
from django.contrib.auth.forms import UserCreationForm
class MyUserCreationForm(UserCreationForm):
"""
https://docs.djangoproject.com/en/1.11/topics/auth/customizing/#
custom-users-and-the-built-in-auth-forms
"""
first_name = forms.CharField(
max_length=30,
required=True,
help_text='Required',
)
last_name = forms.CharField(
max_length=30,
required=True,
help_text='Required'
)
username = forms.CharField(
max_length=150,
required=True,
help_text='Required. Letters, digits and @/./+/-/_ only',
)
email = forms.EmailField(
max_length=254,
required=True,
help_text='Required'
)
class Meta(UserCreationForm.Meta):
model = User
fields = [
'first_name',
'last_name',
'username',
'password1',
'password2',
'email',
]
def __init__(self, *args, **kwargs):
super(CommonUserCreationForm, self).__init__(*args, **kwargs)
if 'first_name' in self.fields:
self.fields['first_name'].widget.attrs.update({'autofocus': True})
If you do that you can simplify your register_view() like this ...
from django.contrib.auth import get_user_model
from .forms import MyUserCreationForm # sorry
# from .forms import CommonUserCreationForm
def register_view(request):
if request.method == 'POST':
form = MyUserCreationForm(request.POST)
# don't like usernames which differ only by character case
#
username = form.data.get('username')
User = get_user_model()
try:
user = User.objects.get(username__iexact=username)
i_username = user.username
if i_username.lower() == username.lower():
form.add_error(
'username',
ValidationError('{0} already
exists'.format(i_username))
)
except User.DoesNotExist:
# DoesNotExist is the expected case
pass
#
if form.is_valid():
form.save()
user = User.objects.get(username__iexact=username)
user.username = form.cleaned_data.get('username')
user.first_name = form.cleaned_data.get('first_name')
user.last_name = form.cleaned_data.get('last_name')
user.email = form.cleaned_data.get('email')
user.save()
raw_password = form.cleaned_data.get('password1')
user = authenticate(username=username, password=raw_password)
auth_login(request, user)
return redirect('myapp:index_view')
else:
form = MyUserCreationForm()
return render(request, 'register.html', {'form': form})
And finally to answer your original question if you do something
similar to the above you can add password validators *to be used in
the form* in your settings module. Like this ...
#
https://docs.djangoproject.com/en/1.11/ref/settings/#auth-password-validators
AUTH_PASSWORD_VALIDATORS = [
{
'NAME':
'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME':
'django.contrib.auth.password_validation.MinimumLengthValidator',
'OPTIONS': {
'error_message': 'Password too short',
'help_message': 'This password needs to be at least 23
characters',
}
},
{
'NAME':
'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME':
'django.contrib.auth.password_validation.NumericPasswordValidator',
},
{
'NAME':
'pwned_passwords_django.validators.PwnedPasswordsValidator',
'OPTIONS': {
'error_message': 'Known insecure password',
'help_message': 'That is a known insecure password and
cannot be used here.',
}
},
]
Hope that helps
Mike
Below is the code from views.py
|from||||django.shortcuts ||import||||render,||||redirect|
|from||||django.contrib.auth.models ||import||||User|
|from||||django.contrib ||import||||messages|
|from||||.||||import||||validator|
|def||||register(request):|
|if||||request.method ==||||'POST'||:|
|first_name =||||request.POST[||'first_name'||]|
|last_name =||||request.POST[||'last_name'||]|
|email =||||request.POST[||'email'||]|
|username =||||request.POST[||'username'||]|
|password
=||||request.POST[||'password'||,||||validator.||MinimumLengthValidator||]|
|password2 =||||request.POST[||'password2'||]|
|# check if the password match|
|if||||password ==||||password2:|
|if||||User||.objects.filter(username=username).exists():|
|messages.error(request,||||'username already exist'||)|
|return||||redirect(||'register'||)|
|else||:|
|if||||User||.objects.filter(email=email).exists():|
|messages.error(request,||||'Registration Failed - Try different
email address'||)|
|return||||redirect(||'register'||)|
|else||:|
|user
=||||User||.objects.create_user(username=username,||||password=password,||||email=email,|
|first_name=first_name,||||last_name=last_name)|
|user.save()|
|messages.success(request,||||'Registration complete, please proceed
to login'||)|
|return||||redirect(||'register'||)|
|else||:|
|messages.error(request,||||'password dose not match'||)|
|return||||redirect(||'register'||)|
|else||:|
|return||||render(request,||||'ACCOUNTS/register.html'||)|
Below is the code for advanced password validation from validate.py
|import||||re |
|from||||django.core.exceptions ||import||||ValidationError|
|from||||django.utils.translation ||import||||ugettext ||as||||_ |
|class||||MinimumLengthValidator||:|
|def||||__init__(self,||||min_length=||8||):|
|self.min_length =||||min_length|
|def||||validate(self,||||password,||||user=||None||):|
|if||||len(password)||||<||||self.min_length:|
|raise||||ValidationError||(|
|_(||"This password must contain at least %(min_length)d
characters."||),|
|code=||'password_too_short'||,|
|params={||'min_length'||:||||self.min_length},|
|)|
|def||||get_help_text(self):|
|return||||_(|
|"Your password must contain at least %(self.min_length)d characters."|
|%||||{||'min_length'||:||||self.min_length}|
|)|
|class||||NumberValidator||(object):|
|def||||validate(self,||||password,||||user=||None||):|
|if||||not||||re.findall(||'\d'||,||||password):|
|raise||||ValidationError||(|
|_(||"The password must contain at least %(min_digits)d digit(s),
0-9."||),|
|code=||'password_no_number'||,|
|)|
|def||||get_help_text(self):|
|return||||_(|
|"Your password must contain at least 1 digit, 0-9."|
|)|
|class||||UppercaseValidator||(object):|
|def||||validate(self,||||password,||||user=||None||):|
|if||||not||||re.findall(||'[A-Z]'||,||||password):|
|raise||||ValidationError||(|
|_(||"The password must contain at least 1 uppercase letter, A-Z."||),|
|code=||'password_no_upper'||,|
|)|
|def||||get_help_text(self):|
|return||||_(|
|"Your password must contain at least 1 uppercase letter, A-Z."|
|)|
I have tried below steps.
|I imported the validator.py ||in||||the views.py,||and||||tried to
call the module.function inside the password field ||as||||below|
|password
=||||request.POST[||'password'||,||||validator.||MinimumLengthValidator||]|
But that doesn't work. If I am right, I can write a mixin class and
call it in my views.py. But I am using function based views. So, I am
not sure if I can use mixin. Please suggest how can we achieve the
desired result.
Regards,
Amitesh Sahay
*91-750 797 8619*
--
You received this message because you are subscribed to the Google
Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to django-users+unsubscr...@googlegroups.com
<mailto:django-users+unsubscr...@googlegroups.com>.
To post to this group, send email to django-users@googlegroups.com
<mailto:django-users@googlegroups.com>.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/894430447.3071951.1549433756290%40mail.yahoo.com
<https://groups.google.com/d/msgid/django-users/894430447.3071951.1549433756290%40mail.yahoo.com?utm_medium=email&utm_source=footer>.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "Django
users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at https://groups.google.com/group/django-users.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-users/ffb9cd61-7596-2118-6665-a0ac93ea5ff8%40dewhirst.com.au.
For more options, visit https://groups.google.com/d/optout.