implement password policy checking on signup and password change closes #8

passbook/core/views/user.py

@@ -1,10 +1,12 @@
 """passbook core user views"""
 from django.contrib import messages
 from django.contrib.auth import logout, update_session_auth_hash
+from django.forms.utils import ErrorList
 from django.shortcuts import redirect, reverse
 from django.utils.translation import gettext as _
 from django.views.generic import DeleteView, FormView, UpdateView
 
+from passbook.core.exceptions import PasswordPolicyInvalid
 from passbook.core.forms.users import PasswordChangeForm, UserDetailForm
 from passbook.lib.config import CONFIG
 
@@ -38,10 +40,20 @@ class UserChangePasswordView(FormView):
     template_name = 'login/form_with_user.html'
 
     def form_valid(self, form: PasswordChangeForm):
-        self.request.user.set_password(form.cleaned_data.get('password'))
-        self.request.user.save()
-        update_session_auth_hash(self.request, self.request.user)
-        messages.success(self.request, _('Successfully changed password'))
+        try:
+            self.request.user.set_password(form.cleaned_data.get('password'))
+            self.request.user.save()
+            update_session_auth_hash(self.request, self.request.user)
+            messages.success(self.request, _('Successfully changed password'))
+        except PasswordPolicyInvalid as exc:
+            # Manually inject error into form
+            # pylint: disable=protected-access
+            errors = form._errors.setdefault("password_repeat", ErrorList(''))
+            # pylint: disable=protected-access
+            errors = form._errors.setdefault("password", ErrorList())
+            for error in exc.messages:
+                errors.append(error)
+            return self.form_invalid(form)
         return redirect('passbook_core:overview')
 
     def get_context_data(self, **kwargs):