I am currently using django.contrib.auth.views.password_reset_confirm
to change a user's password. This is how my urls look:
    from django.contrib.auth import views as auth_views

    url(r'^password/reset/confirm/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$',
        redirect_if_loggedin(auth_views.password_reset_confirm),
        name='auth_password_reset_confirm'),
Currently, I am doing it directly into the django trunk -
    # django.contrib.auth.views
    def clean_new_password2(self):
        password1 = self.cleaned_data.get('new_password1')
        password2 = self.cleaned_data.get('new_password2')
        if password1 and password2:
            if len(password1) < 8:
                raise forms.ValidationError(_("Password must be at least 8 chars."))
            if password1 != password2:
                raise forms.ValidationError(_("The two password fields didn't match."))
        return password2
Surely there must be a better way.
How To Create Your Own Django Password Validator. If you have more specific needs, you can create your own validators. To do so, simply create your own classes based on object and raise a ValidationError if the entered password fails.

    class NumberValidator(object):
        def validate(self, password, user=None):
            if not re.
By default, Django uses the PBKDF2 algorithm with a SHA256 hash, a password stretching mechanism recommended by NIST. This should be sufficient for most users: it's quite secure, requiring massive amounts of computing time to break.
Django's Forms: The above form has two inputs, a text field named username (the name attribute of the HTML input element determines the name of the input field) and a password field named password, plus a submit button.
Decrypt Password: Django doesn't provide any built-in library or function to decrypt a stored password, because decrypting a password is never a good idea. Stored passwords are hashed, not encrypted, and a hash cannot be reversed. Instead of decrypting the stored hash, we hash the plaintext password the user supplies and check whether the result is equal to the stored hash.
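The comparison described above, as an added example that is not part of the original page and is not Django's own code: a standard-library sketch that stores PBKDF2-SHA256 output as an algorithm$iterations$salt$hash string of the kind Django uses, and checks a login attempt by re-deriving the key and comparing. The function names and the iteration count are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor for this sketch; Django's default changes per release


def encode_password(password, salt=None, iterations=ITERATIONS):
    """Return 'algorithm$iterations$salt$base64(derived key)', the string that gets stored."""
    salt = salt or secrets.token_urlsafe(16)  # random per-user salt, never contains '$'
    if "$" in salt:
        raise ValueError("salt must not contain '$'")
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "$".join([ALGORITHM, str(iterations), salt, base64.b64encode(key).decode("ascii")])


def verify_password(password, stored):
    """Hash the candidate with the stored salt and iteration count, then compare.

    Nothing is decrypted: the stored value is only ever compared against.
    """
    try:
        algorithm, iterations, salt, _ = stored.split("$", 3)
        if algorithm != ALGORITHM:
            return False
        candidate = encode_password(password, salt, int(iterations))
    except ValueError:  # malformed record or invalid iteration count
        return False
    # Constant-time comparison avoids leaking how many leading characters match.
    return hmac.compare_digest(candidate.encode(), stored.encode())


def needs_rehash(stored):
    """True when a record was created with a lower work factor than the current one."""
    return int(stored.split("$", 3)[1]) < ITERATIONS


if __name__ == "__main__":
    record = encode_password("correct horse battery staple")  # constructed sample password
    print(record)
    print(verify_password("correct horse battery staple", record),
          verify_password("wrong guess", record))
```

A record flagged by needs_rehash can only be upgraded at the next successful login, because that is the only moment the plaintext is available.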
The code that I eventually wrote after understanding Arthur's accepted answer:
This is the inherited form:
    from django.contrib.auth.forms import SetPasswordForm
    from django.core.exceptions import ValidationError


    class SetPasswordWithMinLengthForm(SetPasswordForm):
        """
        Inherited form that lets a user set his/her password without
        entering the old password while validating min password length
        """
        def clean_new_password1(self):
            password1 = self.cleaned_data.get('new_password1')
            if len(password1) < 4:
                raise ValidationError("Password must be at least 4 chars.")
            return password1
In the urls.py you can instruct the view to use the custom form by specifying set_password_form:
    url(r'^forgot_password/reset/(?P<uidb36>[0-9A-Za-z]+)-(?P<token>.+)/$',
        'django.contrib.auth.views.password_reset_confirm',
        {'set_password_form': SetPasswordWithMinLengthForm}),