We're now using Django's UserAttributeSimilarityValidator, which is great, but it has a bug that allows people to create passwords that are the same as their username. This was fixed upstream in Django, here:
https://github.com/django/django/pull/8408/files
According to the issue, here:
https://code.djangoproject.com/ticket/28127
We could fix this the hard way, by messing around with the validators, but it seems better to just wait until we upgrade django in #1500. After that, we should check to make sure this is fixed as well.
We're now using Django's
UserAttributeSimilarityValidator, which is great, but it has a bug that allows people to create passwords that are the same as their username. This was fixed upstream in Django, here:https://github.com/django/django/pull/8408/files
According to the issue, here:
https://code.djangoproject.com/ticket/28127
We could fix this the hard way, by messing around with the validators, but it seems better to just wait until we upgrade django in #1500. After that, we should check to make sure this is fixed as well.