Django:如何应用内置密码验证器？

Question

我喜欢在注册表上测试 django 内置验证器。所以我添加了这个...

---

settings.py

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
        'OPTIONS': {
            'min_length': 9,
        }
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
]

---

forms.py

from django.contrib.auth.models import User
from django import forms
import django.contrib.auth.password_validation as validators


class UserRegistrationForm(forms.ModelForm):
    password = forms.CharField(label='Password',
                               widget=forms.PasswordInput)
    password2 = forms.CharField(label='Repeat password',
                                widget=forms.PasswordInput)

    class Meta:
        model = User
        fields = ('username', 'first_name', 'email')


    # --- check duplicate
    def clean_password2(self):
        cd = self.cleaned_data
        if cd['password'] != cd['password2']:
            raise forms.ValidationError('Passwords don\'t match.')
        return cd['password2']

    # --- django built-in validator
    def pass_validate(self):
        password = self.cleaned_data('password')
        try:
            validators(password, self.instance)
        except forms.ValidationError as error:
            self.add_error('password', error)
        return password

---

views.py

<...>
def register(request):
    if request.method == 'POST':
        user_form = UserRegistrationForm(request.POST)
        if user_form.is_valid():
            # Create a new user object but avoid saving it yet
            new_user = user_form.save(commit=False)
            # Set the chosen password
            new_user.set_password(
                user_form.cleaned_data['password'])
            # Save the User object
            new_user.save()
            return render(request,
                          'account/register_done.html',
                          {'new_user': new_user})
    else:
        user_form = UserRegistrationForm()
    return render(request,
                  'account/register.html',
                  {'user_form': user_form})
<...>

---

• 不幸的是，我仍然可以使用“123”等密码注册为用户。所以min_length不起作用。
• 在阅读论坛上的一些文章后，forms.py 中的 pass_validate 函数是一种添加 django 内置验证器的方法。
• 好处是服务器可以正常运行并且没有显示错误。

所以我的问题是“如何以正确的方式应用内置密码验证器”？我需要一个特殊的 validators.py 吗？但我猜我在 forms.py 中的函数是错误的。

Answer 1

与其他模型验证一样，密码验证需要显式调用。您可以通过直接调用validate_password来触发密码验证。

from django.contrib.auth.models import User
from django import forms
from django.contrib.auth.password_validation import validate_password


class UserRegistrationForm(forms.ModelForm):
    password = forms.CharField(label='Password',
                               widget=forms.PasswordInput)
    password2 = forms.CharField(label='Repeat password',
                                widget=forms.PasswordInput)

    class Meta:
        model = User
        fields = ('username', 'first_name', 'email')

    # --- django built-in validator
    def clean_password(self):
        password = self.cleaned_data['password']
        validate_password(password)
        return password

    # --- check duplicate
    def clean_password2(self):
        cd = self.cleaned_data
        if cd['password'] != cd['password2']:
            raise forms.ValidationError('Passwords don\'t match.')
        return cd['password2']

如果您不想使用所有默认值，则可以传递 validate_password 个单独的验证器。请参阅帮助(validate_password)。