mirror of
https://code.eliotberriot.com/funkwhale/funkwhale.git
synced 2025-10-03 21:09:16 +02:00
Fix #883: Prevent usage of too weak passwords
This commit is contained in:
Eliot Berriot
parent
def555bd50
commit
f44abfecfb
6 changed files with 91 additions and 13 deletions
|
|
@ -5,7 +5,7 @@ from django.utils.deconstruct import deconstructible
|
|||
from django.utils.translation import gettext_lazy as _
|
||||
|
||||
from rest_auth.serializers import PasswordResetSerializer as PRS
|
||||
from rest_auth.registration.serializers import RegisterSerializer as RS
|
||||
from rest_auth.registration.serializers import RegisterSerializer as RS, get_adapter
|
||||
from rest_framework import serializers
|
||||
from versatileimagefield.serializers import VersatileImageFieldSerializer
|
||||
|
||||
|
|
@ -42,6 +42,15 @@ class RegisterSerializer(RS):
|
|||
except models.Invitation.DoesNotExist:
|
||||
raise serializers.ValidationError("Invalid invitation code")
|
||||
|
||||
def validate(self, validated_data):
|
||||
data = super().validate(validated_data)
|
||||
# we create a fake user obj with validated data so we can validate
|
||||
# password properly (we have a password validator that requires
|
||||
# a user object)
|
||||
user = models.User(username=data["username"], email=data["email"])
|
||||
get_adapter().clean_password(data["password1"], user)
|
||||
return data
|
||||
|
||||
def save(self, request):
|
||||
user = super().save(request)
|
||||
if self.validated_data.get("invitation"):
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue