How can I set a minimum password length when using the built-in Django auth module?
I think the easiest way to achieve this is using Django password validation
For minimum length would be enough adding this to settings file:
AUTH_PASSWORD_VALIDATORS = [
{
'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
'OPTIONS': {
'min_length': 8,
}
},
]
There are others validators like NumericPasswordValidator
and CommonPasswordValidator
Especially if you're already using a sub-classed UserCreationForm
, I'd say you should definitely just add the validation to it. You should be able to override the clean_password
method on the form:
def clean_password(self):
password = self.cleaned_data.get('password1')
if len(password) < 8:
raise ValidationError('Password too short')
return super(MyUserCreationForm, self).clean_password1()
Subclassing the user creation form sounds like a good approach. You can't enforce it at the database level, since Django only stores a hash of the password.