I’m implementing authentication in a Django site using the built-in auth module, including the built-in UserCreationForm.
I’d like to set a minimum length for passwords. However, I can’t find any documentation on how to do this.
Can I configure the auth module’s User module to require this at the database level? Or should I sub-class the UserCreationForm (I’m actually doing this already for unrelated reasons) and add an extra validator that enforces the password length?
Especially if you're already using a sub-classed UserCreationForm, I'd say you should definitely just add the validation to it. You should be able to override the clean_password method on the form:
def clean_password(self):
password = self.cleaned_data.get('password1')
if len(password) < 8:
raise ValidationError('Password too short')
return super(MyUserCreationForm, self).clean_password1()