Configured password validators are not executing when creating a new user or changing the password for existing user

[nishant131]

Deployment Type

NetBox Cloud

NetBox Version

v4.0.7

Python Version

3.10

Steps to Reproduce

1. Configure password validation in the netbox/netbox/configuration.py file. Refer below code for the same:

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
        'OPTIONS': {
            'min_length': 8,
        }
    }
]

2. Login as a superuser.
3. Click "Admin" -> "Authentication" -> "Users"
4. Click on "+ Add".
5. Fill the details for the user and set password and confirm password as pass1.
6. Click "Create".
7. User gets created successfully.

Instead of adding a new user from step 4 to 6, we can also just update the password for an existing users, and set it as pass1. The result would be the same.

Expected Behavior

User creation or password updation should fail from "Admin" -> "Authentication" -> "Users".

Observed Behavior

User is being created without adhering to the configured password policy.

[nishant131]

The root cause for this issue is that the clean() method of UserForm class in the netbox/users/forms/model_forms.py file, we are just validating that password and confirm_password are same or not. We need to call password_validation.validate_password() over here.

[nishant131]

@arthanson, I can take the ownership for this issue. I have already fixed it in this commit and have verified it in my setup.
I have raised a PR, #16982 for the same.