Allow overriding of password validation

account/forms.py

@@ -168,8 +168,9 @@ def clean_password_current(self):
 
     def clean_password_new_confirm(self):
         if "password_new" in self.cleaned_data and "password_new_confirm" in self.cleaned_data:
-            if self.cleaned_data["password_new"] != self.cleaned_data["password_new_confirm"]:
-                raise forms.ValidationError(_("You must type the same password each time."))
+            password_new = self.cleaned_data["password_new"]
+            password_new_confirm = self.cleaned_data["password_new_confirm"]
+            return hookset.clean_password(password_new, password_new_confirm)
         return self.cleaned_data["password_new_confirm"]
 
 
@@ -197,8 +198,9 @@ class PasswordResetTokenForm(forms.Form):
 
     def clean_password_confirm(self):
         if "password" in self.cleaned_data and "password_confirm" in self.cleaned_data:
-            if self.cleaned_data["password"] != self.cleaned_data["password_confirm"]:
-                raise forms.ValidationError(_("You must type the same password each time."))
+            password = self.cleaned_data["password"]
+            password_confirm = self.cleaned_data["password_confirm"]
+            return hookset.clean_password(password, password_confirm)
         return self.cleaned_data["password_confirm"]
 
 

account/hooks.py

@@ -1,8 +1,10 @@
 import hashlib
 import random
 
+from django import forms
 from django.core.mail import send_mail
 from django.template.loader import render_to_string
+from django.utils.translation import ugettext_lazy as _
 
 from account.conf import settings
 
@@ -53,6 +55,11 @@ def get_user_credentials(self, form, identifier_field):
             "password": form.cleaned_data["password"],
         }
 
+    def clean_password(self, password_new, password_new_confirm):
+        if password_new != password_new_confirm:
+            raise forms.ValidationError(_("You must type the same password each time."))
+        return password_new
+
     def account_delete_mark(self, deletion):
         deletion.user.is_active = False
         deletion.user.save()

docs/usage.rst

@@ -278,3 +278,46 @@ To do the same with class based views, use the mixin::
 
     class RestrictedView(LoginRequiredMixin, View):
         pass
+
+
+Defining a custom password checker
+==================================
+
+First add the path to the module which contains the
+`AccountDefaultHookSet` subclass to your settings::
+
+    ACCOUNT_HOOKSET = "scenemachine.hooks.AccountHookSet"
+
+Then define a custom `clean_password` method on the `AccountHookSet`
+class.
+
+Here is an example that harnesses the `VeryFacistCheck` dictionary
+checker from `cracklib`_.::
+
+    import cracklib
+
+    from django import forms from django.conf import settings from
+    django.template.defaultfilters import mark_safe from
+    django.utils.translation import ugettext_lazy as _
+
+    from account.hooks import AccountDefaultHookSet
+
+
+    class AccountHookSet(AccountDefaultHookSet):
+
+        def clean_password(self, password_new, password_new_confirm):
+            password_new = super(AccountHookSet, self).clean_password(password_new, password_new_confirm)
+            try:
+                dictpath = "/usr/share/cracklib/pw_dict"
+                if dictpath:
+                    cracklib.VeryFascistCheck(password_new, dictpath=dictpath)
+                else:
+                    cracklib.VeryFascistCheck(password_new)
+                return password_new
+            except ValueError as e:
+                message = _(unicode(e))
+                raise forms.ValidationError, mark_safe(message)
+            return password_new
+
+
+.. _cracklib: https://pypi.python.org/pypi/cracklib/2.8.19