There's more...

The validators provided in AUTH_PASSWORD_VALIDATORS are executed automatically for  createsuperuser and changepassword management commands, and in built-in forms used to reset or change passwords. There can be times that you will want to use the same validation for custom password management code, though. Django provides functions for that level of integration, also, under the contributed Django auth app's password_validation module.

First, let's examine the functions that allow you to retrieve instances of validation classes:

  • We can retrieve a set of validator instances, one for each class represented in a given configuration list, with get_password_validators(), as follows:
from django.contrib.auth.password_validation import (
    get_password_validators)
# ...
config = [{
    'NAME': 'auth_extra.password_validation.'
            'MaximumLengthValidator'
}]
max_length_validator = get_password_validators(config)[0]
  • If we want to get instances for each of the default set of validators defined in our settings, we could use the same method and pass in the AUTH_PASSWORD_VALIDATORS setting:
from django.conf import settings
from django.contrib.auth.password_validation import (
    get_password_validators)
# ...
default_validators = get_password_validators(
    settings.AUTH_PASSWORD_VALIDATORS)
  • However, Django makes this common case easy by providing a shorthand method to retrieve the default set, as in the following:
from django.contrib.auth.password_validation import (
    get_default_password_validators)
# ...
default_validators = get_default_password_validators()

Starting with a set of validators instances, then, Django provides the following functions for extracting help text from each:

  • We can simply get the basic help text, like so:
from django.contrib.auth.password_validation import (
    get_default_password_validators,
    password_validators_help_texts)
# ...
default_validators = get_default_password_validators()
help_texts = password_validators_help_texts(validators)
  • Since Django deals mainly with web applications, it is likely that the help text will need to be output as HTML. Though we could iterate over help_texts and wrap them in any markup we wanted, a handy method is provided to get help text automatically as an unordered list:
from django.contrib.auth.password_validation import (
    get_default_password_validators,
    password_validators_help_text_html)
# ...
validators = get_default_password_validators()
help_html = password_validators_help_text_html(validators)

Most commonly, though, we would want to apply the validation and prevent insecure passwords from being created. There are functions available for that as well:

  • To apply validation, we can invoke the validate_password() function, handling any ValidationError raised when validation fails as needed. Optionally, a third argument can specify a different list of validators instances, but the default validators are used if it is omitted, as in the following example:
from django.contrib.auth.password_validation import (
    validate_password)
from django.core.exceptions import ValidationError
# ...
try:
    validate_password(password, request.user)
except ValidationError:
    # ... handle validation failures ...
  • In some cases, validator behavior when a password is initially set may differ from that when the password is later altered. While validate_password() is appropriate upon creation, a separate function is provided for handling updates, so that validators execute the appropriate logic in each case:
from django.contrib.auth.password_validation import (
    password_changed)
from django.core.exceptions import ValidationError
# ...
try:
    password_changed(password, request.user)
except ValidationError:
    # ... handle validation failures ...
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.138.204.208