Merge pull request #1423 from IFRCGo/feature/adding-more-password-policies

szabozoltan69 · web-flow · commit e378fb7396d9 · 2022-04-27T15:12:21.000+02:00
Stronger password policy: Aa1@ is mandatory.
diff --git a/main/settings.py b/main/settings.py
@@ -245,18 +245,14 @@
 }
 
 AUTH_PASSWORD_VALIDATORS = [
-    {
-        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
-    },
-    {
-        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
-    },
+    {'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',  },
+    {'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',  },
+    {'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',  },
+    {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',  },
+    {'NAME': 'main.validators.NumberValidator', },
+    {'NAME': 'main.validators.UppercaseValidator', },
+    {'NAME': 'main.validators.LowercaseValidator', },
+    {'NAME': 'main.validators.SymbolValidator', },
 ]
 
 TINYMCE_DEFAULT_CONFIG = {
diff --git a/main/validators.py b/main/validators.py
@@ -0,0 +1,61 @@
+import re
+from django.core.exceptions import ValidationError
+from django.utils.translation import ugettext_lazy as _
+
+
+class NumberValidator(object):
+    def validate(self, password, user=None):
+        if not re.findall('\d', password):
+            raise ValidationError(
+                _("The password must contain at least 1 digit, 0-9."),
+                code='password_no_number',
+            )
+
+    def get_help_text(self):
+        return _(
+            "Your password must contain at least 1 digit, 0-9."
+        )
+
+
+class UppercaseValidator(object):
+    def validate(self, password, user=None):
+        if not re.findall('[A-Z]', password):
+            raise ValidationError(
+                _("The password must contain at least 1 uppercase letter, A-Z."),
+                code='password_no_upper',
+            )
+
+    def get_help_text(self):
+        return _(
+            "Your password must contain at least 1 uppercase letter, A-Z."
+        )
+
+
+class LowercaseValidator(object):
+    def validate(self, password, user=None):
+        if not re.findall('[a-z]', password):
+            raise ValidationError(
+                _("The password must contain at least 1 lowercase letter, a-z."),
+                code='password_no_lower',
+            )
+
+    def get_help_text(self):
+        return _(
+            "Your password must contain at least 1 lowercase letter, a-z."
+        )
+
+
+class SymbolValidator(object):
+    def validate(self, password, user=None):
+        if not re.findall('[()[\]{}|\\`~!@#$%^&*_\-+=;:\'",<>./?]', password):
+            raise ValidationError(
+                _("The password must contain at least 1 symbol: " +
+                  "()[]{}|\`~!@#$%^&*_-+=;:'\",<>./?"),
+                code='password_no_symbol',
+            )
+
+    def get_help_text(self):
+        return _(
+            "Your password must contain at least 1 symbol: " +
+            "()[]{}|\`~!@#$%^&*_-+=;:'\",<>./?"
+        )
