pinax · rizumu · Sep 17, 2014 · Sep 17, 2014 · Sep 17, 2014 · Sep 17, 2014
diff --git a/account/forms.py b/account/forms.py
@@ -158,8 +158,8 @@ def clean_password_current(self):
 
     def clean_password_new_confirm(self):
         if "password_new" in self.cleaned_data and "password_new_confirm" in self.cleaned_data:
-            if self.cleaned_data["password_new"] != self.cleaned_data["password_new_confirm"]:
-                raise forms.ValidationError(_("You must type the same password each time."))
+            return hookset.clean_password(self.cleaned_data["password_new"],
+                                          self.cleaned_data["password_new_confirm"])
         return self.cleaned_data["password_new_confirm"]
 
 
@@ -187,8 +187,8 @@ class PasswordResetTokenForm(forms.Form):
 
     def clean_password_confirm(self):
         if "password" in self.cleaned_data and "password_confirm" in self.cleaned_data:
-            if self.cleaned_data["password"] != self.cleaned_data["password_confirm"]:
-                raise forms.ValidationError(_("You must type the same password each time."))
+            return hookset.clean_password(self.cleaned_data["password"],
+                                          self.cleaned_data["password_confirm"])
         return self.cleaned_data["password_confirm"]
 
 

diff --git a/account/hooks.py b/account/hooks.py
@@ -1,8 +1,10 @@
 import hashlib
 import random
 
+from django import forms
 from django.core.mail import send_mail
 from django.template.loader import render_to_string
+from django.utils.translation import ugettext_lazy as _
 
 from account.conf import settings
 
@@ -50,6 +52,11 @@ def get_user_credentials(self, form, identifier_field):
             "password": form.cleaned_data["password"],
         }
 
+    def clean_password(self, password_new, password_new_confirm):
+        if password_new != password_new_confirm:
+            raise forms.ValidationError(_("You must type the same password each time."))
+        return password_new
+
 
 class HookProxy(object):
 

diff --git a/docs/usage.rst b/docs/usage.rst
@@ -32,14 +32,14 @@ customization during sign up. Here's an example of a custom ``SignupView``
 defined in your project::
 
     import account.views
-    
-    
+
+
     class SignupView(account.views.SignupView):
-        
+
         def after_signup(self, form):
             self.update_profile(form)
             super(SignupView, self).after_signup(form)
-        
+
         def update_profile(self, form):
             profile = self.created_user.get_profile()
             profile.some_attr = "some value"
@@ -51,12 +51,12 @@ the sender, `User` like so::
 
     from django.dispatch import receiver
     from django.db.models.signals import post_save
-    
+
     from django.contrib.auth.models import User
-    
+
     from mysite.profiles.models import UserProfile
-    
-    
+
+
     @receiver(post_save, sender=User)
     def handle_user_save(sender, instance, created, **kwargs):
         if created:
@@ -66,32 +66,32 @@ the sender, `User` like so::
 You can define your own form class to add fields to the sign up process::
 
     # forms.py
-    
+
     from django import forms
     from django.forms.extras.widgets import SelectDateWidget
-    
+
     import account.forms
-    
-    
+
+
     class SignupForm(account.forms.SignupForm):
-        
+
         birthdate = forms.DateField(widget=SelectDateWidget(years=range(1910, 1991)))
-    
+
     # views.py
-    
+
     import account.views
-    
+
     import myproject.forms
-    
-    
+
+
     class SignupView(account.views.SignupView):
-       
+
        form_class = myproject.forms.SignupForm
-       
+
        def after_signup(self, form):
            self.create_profile(form)
            super(SignupView, self).after_signup(form)
-       
+
        def create_profile(self, form):
            profile = self.created_user.get_profile()
            profile.birthdate = form.cleaned_data["birthdate"]
@@ -100,10 +100,10 @@ You can define your own form class to add fields to the sign up process::
 To hook this up for your project you need to override the URL for sign up::
 
     from django.conf.urls import patterns, include, url
-    
+
     import myproject.views
-    
-    
+
+
     urlpatterns = patterns("",
         url(r"^account/signup/$", myproject.views.SignupView.as_view(), name="account_signup"),
         url(r"^account/", include("account.urls")),
@@ -124,57 +124,57 @@ or get rid of them entirely.
 To enable email authentication do the following:
 
 1. check your settings for the following values::
-   
+
        ACCOUNT_EMAIL_UNIQUE = True
        ACCOUNT_EMAIL_CONFIRMATION_REQUIRED = True
-   
+
    .. note::
-   
+
        If you need to change the value of ``ACCOUNT_EMAIL_UNIQUE`` make sure your
        database schema is modified to support a unique email column in
        ``account_emailaddress``.
-   
+
    ``ACCOUNT_EMAIL_CONFIRMATION_REQUIRED`` is optional, but highly
    recommended to be ``True``.
 
 2. define your own ``LoginView`` in your project::
-   
+
        import account.forms
        import account.views
-       
-       
+
+
        class LoginView(account.views.LoginView):
-           
+
            form_class = account.forms.LoginEmailForm
 
 3. ensure ``"account.auth_backends.EmailAuthenticationBackend"`` is in ``AUTHENTICATION_BACKENDS``
 
 If you want to get rid of username you'll need to do some extra work:
 
 1. define your own ``SignupForm`` and ``SignupView`` in your project::
-   
+
        # forms.py
-       
+
        import account.forms
-       
-       
+
+
        class SignupForm(account.forms.SignupForm):
-           
+
            def __init__(self, *args, **kwargs):
                super(SignupForm, self).__init__(*args, **kwargs)
                del self.fields["username"]
-       
+
        # views.py
-       
+
        import account.views
-       
+
        import myproject.forms
-       
-       
+
+
        class SignupView(account.views.SignupView):
-           
+
            form_class = myproject.forms.SignupForm
-           
+
            def generate_username(self, form):
                # do something to generate a unique username (required by the
                # Django User model, unfortunately)
@@ -186,19 +186,19 @@ If you want to get rid of username you'll need to do some extra work:
    when representing the user in the user interface. Keep in mind not
    everything you include in your project will do what you expect when
    removing usernames entirely.
-   
+
    Set ``ACCOUNT_USER_DISPLAY`` in settings to a callable suitable for your
    site::
-   
+
        ACCOUNT_USER_DISPLAY = lambda user: user.email
-   
+
    Your Python code can use ``user_display`` to handle user representation::
-   
+
        from account.utils import user_display
        user_display(user)
-   
+
    Your templates can use ``{% user_display request.user %}``::
-   
+
        {% load account_tags %}
        {% user_display request.user %}
 
@@ -256,3 +256,44 @@ And in your settings::
     TEST_RUNNER = "lib.tests.MyTestDiscoverRunner"
 
 
+Defining a custom password checker
+==================================
+
+First add the path to the module which contains the
+`AccountDefaultHookSet` subclass to your settings::
+
+    ACCOUNT_HOOKSET = "scenemachine.hooks.AccountHookSet"
+
+Then define a custom `clean_password` method on the `AccountHookSet`
+class.
+
+Here is an example that harnesses the `VeryFacistCheck` dictionary
+checker from `cracklib`_.::
+
+    import cracklib
+
+    from django import forms from django.conf import settings from
+    django.template.defaultfilters import mark_safe from
+    django.utils.translation import ugettext_lazy as _
+
+    from account.hooks import AccountDefaultHookSet
+
+
+    class AccountHookSet(AccountDefaultHookSet):
+
+        def clean_password(self, password_new, password_new_confirm):
+            password_new = super(AccountHookSet, self).clean_password(password_new, password_new_confirm)
+            try:
+                dictpath = "/usr/share/cracklib/pw_dict"
+                if dictpath:
+                    cracklib.VeryFascistCheck(password_new, dictpath=dictpath)
+                else:
+                    cracklib.VeryFascistCheck(password_new)
+                return password_new
+            except ValueError as e:
+                message = _(unicode(e))
+                raise forms.ValidationError, mark_safe(message)
+            return password_new
+
+
+.. _cracklib: https://pypi.python.org/pypi/cracklib/2.8.19