feat(users): apply django password validators in auth flows

2026-05-03 20:02:14 +03:30
parent f04e9ba828
commit d1c4889d22
6 changed files with 315 additions and 196 deletions
--- a/apps/users/api/serializers.py
+++ b/apps/users/api/serializers.py
@@ -1,4 +1,5 @@
-from django.contrib.auth import get_user_model
+from django.contrib.auth import get_user_model, password_validation
+from django.core.exceptions import ValidationError as DjangoValidationError
 from drf_spectacular.utils import extend_schema_serializer
 from rest_framework import serializers

@@ -6,10 +7,18 @@ from core.serializers.base import BaseModelSerializer

 User = get_user_model()

-INVALID_MOBILE_FORMAT_MESSAGE = "فرمت شماره موبایل نادرست است."
-INVALID_MOBILE_NUMBER_MESSAGE = "شماره موبایل معتبر نیست."
-PASSWORD_MISMATCH_MESSAGE = "رمز عبور مطابقت ندارد."
-NEW_PASSWORD_MISMATCH_MESSAGE = "رمز عبور جدید و تکرار آن مطابقت ندارند."
+INVALID_MOBILE_FORMAT_MESSAGE = "\u0641\u0631\u0645\u062a \u0634\u0645\u0627\u0631\u0647 \u0645\u0648\u0628\u0627\u06cc\u0644 \u0646\u0627\u062f\u0631\u0633\u062a \u0627\u0633\u062a."
+INVALID_MOBILE_NUMBER_MESSAGE = "\u0634\u0645\u0627\u0631\u0647 \u0645\u0648\u0628\u0627\u06cc\u0644 \u0645\u0639\u062a\u0628\u0631 \u0646\u06cc\u0633\u062a."
+PASSWORD_MISMATCH_MESSAGE = "\u0631\u0645\u0632 \u0639\u0628\u0648\u0631 \u0645\u0637\u0627\u0628\u0642\u062a \u0646\u062f\u0627\u0631\u062f."
+NEW_PASSWORD_MISMATCH_MESSAGE = "\u0631\u0645\u0632 \u0639\u0628\u0648\u0631 \u062c\u062f\u06cc\u062f \u0648 \u062a\u06a9\u0631\u0627\u0631 \u0622\u0646 \u0645\u0637\u0627\u0628\u0642\u062a \u0646\u062f\u0627\u0631\u0646\u062f."
+PASSWORD_REUSE_MESSAGE = "\u0631\u0645\u0632 \u0639\u0628\u0648\u0631 \u062c\u062f\u06cc\u062f \u0646\u0628\u0627\u06cc\u062f \u0628\u0627 \u0631\u0645\u0632 \u0639\u0628\u0648\u0631 \u0642\u0628\u0644\u06cc \u06cc\u06a9\u0633\u0627\u0646 \u0628\u0627\u0634\u062f."
+
+
+def _raise_password_validation_error(password: str, *, user, field_name: str) -> None:
+    try:
+        password_validation.validate_password(password, user=user)
+    except DjangoValidationError as exc:
+        raise serializers.ValidationError({field_name: exc.messages[0] if len(exc.messages) == 1 else exc.messages})


 class UserProfilePictureSerializer(BaseModelSerializer):
@@ -116,8 +125,21 @@ class ResetPasswordSerializer(serializers.Serializer):
        return value

    def validate(self, data):
-        if data.get("password") != data.get("re_password"):
+        mobile = data.get("mobile", "")
+        password = data.get("password", "")
+        re_password = data.get("re_password", "")
+
+        if password != re_password:
            raise serializers.ValidationError({"password": PASSWORD_MISMATCH_MESSAGE})
+
+        user = User.objects.filter(mobile=mobile).only("password", "mobile", "first_name", "last_name", "email").first()
+
+        if user is not None:
+            _raise_password_validation_error(password, user=user, field_name="password")
+
+            if user.check_password(password):
+                raise serializers.ValidationError({"password": PASSWORD_REUSE_MESSAGE})
+
        return data


@@ -127,9 +149,22 @@ class ChangePasswordSerializer(serializers.Serializer):
    re_password = serializers.CharField(required=True, write_only=True)

    def validate(self, data):
-        if data.get("new_password") != data.get("re_password"):
+        old_password = data.get("old_password", "")
+        new_password = data.get("new_password", "")
+        re_password = data.get("re_password", "")
+
+        if new_password != re_password:
            raise serializers.ValidationError({"new_password": NEW_PASSWORD_MISMATCH_MESSAGE})

+        request = self.context.get("request")
+        user = getattr(request, "user", None)
+
+        if old_password and old_password == new_password:
+            raise serializers.ValidationError({"new_password": PASSWORD_REUSE_MESSAGE})
+
+        if user is not None and getattr(user, "is_authenticated", False):
+            _raise_password_validation_error(new_password, user=user, field_name="new_password")
+
        return data


--- a/apps/users/api/views.py
+++ b/apps/users/api/views.py
@@ -272,7 +272,7 @@ class ChangePasswordView(APIView):

    @extend_schema(request=ChangePasswordSerializer)
    def patch(self, request, *args, **kwargs):
-        serializer = ChangePasswordSerializer(data=request.data)
+        serializer = ChangePasswordSerializer(data=request.data, context={"request": request})
        serializer.is_valid(raise_exception=True)
        
        change_password(