feat: password strength validation during registration and migrate tests to cope with it

accounts/tests.py

@@ -34,7 +34,7 @@ from .decorators import confirm_access
 
 
 def register_util(t: TestCase, username: str):
-    t.password = "password121231"
+    t.password = "asdklfja;ldkfja;df"
     t.username = username
     t.email = f"{t.username}@example.org"
     t.user = get_user_model().objects.create(
@@ -141,7 +141,7 @@ class RegistrationTest(TestCase):
         # passwords don't match
         msg = {
             "username": "register_user",
-            "password": "password",
+            "password": "2i3j4;1qlk2asdf",
             "email": "register_user@example.com",
             "confirm_password": "foo@example.com",
         }
@@ -217,9 +217,9 @@ class UnverifiedAccountCleanupTets(TestCase):
         # passwords don't match
         msg = {
             "username": username1,
-            "password": "password",
+            "password": "asdklfja;ldkfja;df",
             "email": f"{username1}@example.com",
-            "confirm_password": "password",
+            "confirm_password": "asdklfja;ldkfja;df",
         }
 
         # register user

accounts/views.py

@@ -13,6 +13,8 @@
 # You should have received a copy of the GNU Affero General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 from django.shortcuts import render, redirect, get_object_or_404
+from django.contrib.auth.password_validation import validate_password
+from django.core.exceptions import ValidationError
 from django.utils.http import urlencode
 from django.contrib.auth import authenticate, login, logout
 from django.contrib.auth import get_user_model
@@ -133,12 +135,26 @@ def register_view(request):
         }
         return render(request, "accounts/auth/register.html", status=400, context=ctx)
 
-    user = get_user_model().objects.create_user(
+    user = get_user_model()(
         username=username,
         email=email,
         is_active=False,
-        password=password,
     )  # TODO: get email from settings.py
+    user.set_password(password)
+    try:
+        user.full_clean()
+        validate_password(password, user=user)
+    except ValidationError as err:
+        ctx = default_register_ctx(username=username, email=email)
+        reason = ""
+        for r in err:
+            reason += r + " "
+
+        ctx["error"] = {"title": "Registration Failed", "reason": reason}
+        return render(request, "accounts/auth/register.html", status=400, context=ctx)
+
+    user.is_active = False
+    user.save()
 
     challenge = None
 
@@ -149,9 +165,6 @@ def register_view(request):
     else:
         challenge = AccountConfirmChallenge.objects.get(owned_by=user)
 
-    user.is_active = False
-    user.save()
-
     return redirect(challenge.pending_url())
 
 

dash/tests.py

@@ -19,21 +19,11 @@ from django.test import TestCase, Client, override_settings
 from django.conf import settings
 from django.db.utils import IntegrityError
 
+from accounts.tests import login_util, register_util
+
 from .models import InstanceConfiguration, Instance
 
 
-def register_util(t: TestCase, username: str):
-    t.password = "password121231"
-    t.username = username
-    t.email = f"{t.username}@example.org"
-    t.user = get_user_model().objects.create(
-        username=t.username,
-        email=t.email,
-    )
-    t.user.set_password(t.password)
-    t.user.save()
-
-
 def create_configurations(t: TestCase):
     t.instance_config = [
         InstanceConfiguration(name="Personal", rent=5.0, ram=0.5, cpu=1, storage=25),
@@ -54,16 +44,6 @@ def create_configurations(t: TestCase):
         )
 
 
-def login_util(t: TestCase, c: Client, redirect_to: str):
-    payload = {
-        "login": t.username,
-        "password": t.password,
-    }
-    resp = c.post(reverse("accounts.login"), payload)
-    t.assertEqual(resp.status_code, 302)
-    t.assertEqual(resp.headers["location"], reverse(redirect_to))
-
-
 class DashHome(TestCase):
     """
     Tests create new app view