You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It's currently possible to reset passwords to one char (e.g. a), common passwords (e.g. abc123), and the username (e.g. username admin and password admin). Password validators could prevent this.
This is a difference with the builtin django.contrib.auth password reset on 1.9 (refs: #26).
The text was updated successfully, but these errors were encountered:
I encountered this, and fixed it with a one liner (if you don't count the corresponding import) in the clean_password2() function of PasswordResetForm. Hope this helps, and thanks for your work on this.
from django.contrib.auth.password_validation import validate_password
validate_password(self.cleaned_data.get('password1'))
It'd be good to support password-validation added in Django 1.9.
It's currently possible to reset passwords to one char (e.g.
a
), common passwords (e.g.abc123
), and the username (e.g. usernameadmin
and passwordadmin
). Password validators could prevent this.This is a difference with the builtin
django.contrib.auth
password reset on 1.9 (refs: #26).The text was updated successfully, but these errors were encountered: