auth: Make sure that we enforce max_length during password reset.

Make sure that we use the max password length defined in
RegistrationForm.MAX_PASSWORD_LENGTH when validating the
password for the password reset form.

Fixes #15087.

Signed-off-by: Hemanth V. Alluri <hdrive1999@gmail.com>
Hemanth V. Alluri 2020-05-28 14:52:45 +05:30 committed by Tim Abbott
parent e509a13db0
commit 37d34dda1c
1 changed files with 15 additions and 1 deletions


@ -1,6 +1,6 @@
from django import forms from django import forms
from django.conf import settings from django.conf import settings
from django.contrib.auth import authenticate from django.contrib.auth import authenticate, password_validation
from django.contrib.auth.forms import SetPasswordForm, AuthenticationForm, \ from django.contrib.auth.forms import SetPasswordForm, AuthenticationForm, \
PasswordResetForm PasswordResetForm
from django.core.exceptions import ValidationError from django.core.exceptions import ValidationError
@ -194,6 +194,20 @@ class RealmCreationForm(forms.Form):
email_is_not_disposable]) email_is_not_disposable])
class LoggingSetPasswordForm(SetPasswordForm): class LoggingSetPasswordForm(SetPasswordForm):
new_password1 = forms.CharField(
label=_("New password"),
widget=forms.PasswordInput(attrs={'autocomplete': 'new-password'}),
strip=False,
help_text=password_validation.password_validators_help_text_html(),
max_length=RegistrationForm.MAX_PASSWORD_LENGTH,
)
new_password2 = forms.CharField(
label=_("New password confirmation"),
strip=False,
widget=forms.PasswordInput(attrs={'autocomplete': 'new-password'}),
max_length=RegistrationForm.MAX_PASSWORD_LENGTH,
)
def clean_new_password1(self) -> str: def clean_new_password1(self) -> str:
new_password = self.cleaned_data['new_password1'] new_password = self.cleaned_data['new_password1']
if not check_password_strength(new_password): if not check_password_strength(new_password):
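Review bot: The redeclared `new_password1` and `new_password2` fields in `LoggingSetPasswordForm` have no comment saying why they shadow the parent's fields, and the commit touches a single file, so no regression test pins the new limit. I would add above them `# Redeclared from SetPasswordForm only to add max_length; over-long input fails field validation before clean_new_password1 runs check_password_strength.` Because the definitions appear to be copied from Django's SetPasswordForm, they should be re-compared with upstream on each Django upgrade so the label, widget attributes and help text do not drift. A test that submits a password of `RegistrationForm.MAX_PASSWORD_LENGTH + 1` characters to the reset form and expects a validation error would keep the bound from regressing. `clean_new_password1` continues past the end of the hunk, so its remaining checks were not reviewed.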