Django AUTH_PASSWORD_VALIDATORS is not honored #240
Description
This continues the conversation at Tivix/django-rest-auth#226 (from the old repo).
A PR (Tivix/django-rest-auth#482) was made, but didn't make it into the new repo. I propose that it gets added. I've tested the /rest-auth/registration/ endpoint using the default value of AUTH_PASSWORD_VALIDATORS in settings.py:
AUTH_PASSWORD_VALIDATORS = [
{
'NAME':
'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
},
{
'NAME':
'django.contrib.auth.password_validation.MinimumLengthValidator',
},
{
'NAME':
'django.contrib.auth.password_validation.CommonPasswordValidator',
},
{
'NAME':
'django.contrib.auth.password_validation.NumericPasswordValidator',
},
]Originally, the first in the list, UserAttributeSimilarityValidator, wasn't getting checked, so I wrote some tests for it that check the following:
# identical username
body = {
'username': 'harold123',
'email': 'harold@example.com',
'password1': 'harold123',
'password2': 'harold123',
}
# identical email
body = {
'username': 'isabelle',
'email': 'isabelle@example.com',
'password1': 'isabelle@example.com',
'password2': 'isabelle@example.com',
}
# similar username
body = {
'username': 'supercoolusername',
'email': 'joshua@example.com',
'password1': 'supercoolusername1',
'password2': 'supercoolusername1',
}
# similar email
body = {
'username': 'kelly',
'email': 'kelly@example.com',
'password1': 'kelly@example.com123',
'password2': 'kelly@example.com123',
}These all result in a HTTP_201_CREATED response using django_rest_auth and dj_rest_auth pip packages, when it should be HTTP_400_BAD_REQUEST. When I install with pip install git+https://github.com/dgilge/django-rest-auth@patch-2, the tests pass.