tolstoyevsky · Themanwhosmellslikesugar · Jun 30, 2020 · Jun 30, 2020 · Jul 14, 2020
diff --git a/doc/signing_up_and_signing_in.md b/doc/signing_up_and_signing_in.md
@@ -62,6 +62,7 @@ Creates a new user account.
     * `{"13": "Email cannot be empty"}`
     * `{"21": "Username is already in use"}`
     * `{"22": "Email is already in use"}`
+    * `{"31": ["This password is too short. It must contain at least 8 characters.", "This password is too common.", "This password is entirely numeric."]}`
 * **Sample Call:**
 
   `$ curl -L -X POST http://127.0.0.1:8001/api/v1/auth/signup/ -d "username=some.user&password=secret&[email protected]"`

diff --git a/users/tests.py b/users/tests.py
@@ -15,7 +15,7 @@ def test_creating_new_account(self):
         url = reverse('sign-up', kwargs={'version': 'v1'})
         user = {
             'username': 'some.username',
-            'password': 'secret',
+            'password': 'xXSecret1Xx',
             'email': '[email protected]',
         }
 
@@ -54,7 +54,7 @@ def test_creating_new_account_without_required_data(self):
 
         user = {
             'username': 'some.username',
-            'password': 'secret',
+            'password': 'xXSecret1Xx',
         }
 
         response = self.client.post(url, data=json.dumps(user),
@@ -63,7 +63,10 @@ def test_creating_new_account_without_required_data(self):
         self.assertEqual(response.data, error_message)
         self.assertEqual(response.status_code, status.HTTP_400_BAD_REQUEST)
 
-        error_message = {12: 'Password cannot be empty'}
+        error_message = {
+            12: 'Password cannot be empty',
+            31: ['This password is too short. It must contain at least 8 characters.']
+        }
 
         user = {
             'username': 'some.username',
@@ -79,7 +82,7 @@ def test_creating_new_account_without_required_data(self):
         error_message = {11: 'Username cannot be empty'}
 
         user = {
-            'password': 'secret',
+            'password': 'xXSecret1Xx',
             'email': '[email protected]',
         }
 
@@ -93,6 +96,7 @@ def test_creating_new_account_without_required_data(self):
             11: 'Username cannot be empty',
             12: 'Password cannot be empty',
             13: 'Email cannot be empty',
+            31: ['This password is too short. It must contain at least 8 characters.']
         }
 
         response = self.client.post(url, data=json.dumps({}),

diff --git a/users/views.py b/users/views.py
@@ -3,7 +3,9 @@
 from django.conf import settings
 from django.contrib.auth import REDIRECT_FIELD_NAME
 from django.contrib.auth.decorators import login_required
+from django.core.exceptions import ValidationError
 from django.contrib.auth.models import User
+from django.contrib.auth.password_validation import validate_password
 from django.http import JsonResponse
 from django.views import View
 from django.views.decorators.csrf import csrf_exempt, csrf_protect
@@ -50,6 +52,11 @@ def post(self, request, *args, **kwargs):
         if User.objects.filter(email__iexact=email).exists():
             data[22] = 'Email is already in use'
 
+        try:
+            validate_password(password)
+        except ValidationError as valid_error:
+            data[31] = valid_error.messages
+
         if data:
             return Response(
                 data=data,

diff --git a/util/base_test.py b/util/base_test.py
@@ -11,7 +11,7 @@ def __init__(self, *args, **kwargs):
         super(BaseSingleUserTest, self).__init__(*args, **kwargs)
         self._user = {
             'username': 'test.user',
-            'password': 'secret',
+            'password': 'xXSecret1Xx',
             'email': '[email protected]',
         }