Fix register to honor AUTH_PASSWORD_VALIDATORS (#277)

Tivix/django-rest-auth#482

dj_rest_auth/registration/serializers.py

@@ -1,12 +1,12 @@
 from django.contrib.auth import get_user_model
+from django.core.exceptions import ValidationError as DjangoValidationError
 from django.http import HttpRequest
 from django.urls.exceptions import NoReverseMatch
 from django.utils.translation import gettext_lazy as _
 from requests.exceptions import HTTPError
 from rest_framework import serializers
 from rest_framework.reverse import reverse
 
-
 try:
     from allauth.account import app_settings as allauth_settings
     from allauth.account.adapter import get_adapter
@@ -236,7 +236,14 @@ def save(self, request):
         adapter = get_adapter()
         user = adapter.new_user(request)
         self.cleaned_data = self.get_cleaned_data()
-        adapter.save_user(request, user, self)
+        user = adapter.save_user(request, user, self, commit=False)
+        try:
+            adapter.clean_password(self.cleaned_data['password1'], user=user)
+        except DjangoValidationError as exc:
+            raise serializers.ValidationError(
+                detail=serializers.as_serializer_error(exc)
+            )
+        user.save()
         self.custom_signup(request, user)
         setup_user_email(request, user, [])
         return user

dj_rest_auth/tests/test_api.py

@@ -264,6 +264,17 @@ def test_password_change(self):
         # send empty payload
         self.post(self.password_change_url, data={}, status_code=400)
 
+    @override_settings(AUTH_PASSWORD_VALIDATORS=[
+        {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'}
+    ])
+    def test_password_change_honors_password_validators(self):
+        login_payload = {"username": self.USERNAME, "password": self.PASS}
+        get_user_model().objects.create_user(self.USERNAME, '', self.PASS)
+        self.post(self.login_url, data=login_payload, status_code=200)
+        self.token = self.response.json['key']
+        new_password_payload = {"new_password1": 123, "new_password2": 123}
+        self.post(self.password_change_url, data=new_password_payload, status_code=400)
+
     @override_settings(OLD_PASSWORD_FIELD_ENABLED=True)
     def test_password_change_with_old_password(self):
         login_payload = {
@@ -379,6 +390,20 @@ def test_password_reset_with_invalid_email(self):
         self.post(self.password_reset_url, data=payload, status_code=200)
         self.assertEqual(len(mail.outbox), mail_count)
 
+    @override_settings(AUTH_PASSWORD_VALIDATORS=[
+        {'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'}
+    ])
+    def test_password_reset_honors_password_validators(self):
+        user = get_user_model().objects.create_user(self.USERNAME, self.EMAIL, self.PASS)
+        url_kwargs = self._generate_uid_and_token(user)
+        data = {
+            'new_password1': 123,
+            'new_password2': 123,
+            'uid': force_str(url_kwargs['uid']),
+            'token': url_kwargs['token']
+        }
+        self.post(reverse('rest_password_reset_confirm'), data=data, status_code=400)
+
     def test_user_details(self):
         user = get_user_model().objects.create_user(self.USERNAME, self.EMAIL, self.PASS)
         payload = {
@@ -426,6 +451,12 @@ def test_registration(self):
         self._login()
         self._logout()
 
+    @override_settings(AUTH_PASSWORD_VALIDATORS=[
+        {'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator'}
+    ])
+    def test_registration_honors_password_validators(self):
+        self.post(self.register_url, data=self.REGISTRATION_DATA, status_code=400)
+
     @override_settings(REST_AUTH_REGISTER_PERMISSION_CLASSES=(CustomPermissionClass,))
     def test_registration_with_custom_permission_class(self):
         class CustomRegisterView(RegisterView):