restores comparison between 'password' and 'confirmation' and validators in reset form

2024-12-18 11:11:27 +01:00 · 2024-12-18 11:11:27 +01:00 · 1d5c4b9fa9
commit 1d5c4b9fa9
parent 4bdd2de8f2
1 changed files with 19 additions and 0 deletions
--- a/canaille/core/endpoints/auth.py
+++ b/canaille/core/endpoints/auth.py
@ -1,5 +1,6 @@
 import datetime

+import wtforms
 from flask import Blueprint
 from flask import abort
 from flask import current_app
@ -14,6 +15,9 @@ from canaille.app import get_b64encoded_qr_image
 from canaille.app import mask_email
 from canaille.app import mask_phone
 from canaille.app.flask import smtp_needed
+from canaille.app.forms import compromised_password_validator
+from canaille.app.forms import password_length_validator
+from canaille.app.forms import password_too_long_validator
 from canaille.app.i18n import gettext as _
 from canaille.app.session import current_user
 from canaille.app.session import login_user
@ -262,6 +266,21 @@ def reset(user, hash):
        )
        return redirect(url_for("core.account.index"))

+    form["password"].validators = [
+        wtforms.validators.DataRequired(),
+        password_length_validator,
+        password_too_long_validator,
+        compromised_password_validator,
+    ]
+    form["confirmation"].validators = [
+        wtforms.validators.DataRequired(),
+        wtforms.validators.EqualTo(
+            "password", message=_("Password and confirmation do not match.")
+        ),
+    ]
+    form["password"].flags.required = True
+    form["confirmation"].flags.required = True
+
    if request.form and form.validate():
        Backend.instance.set_user_password(user, form.password.data)
        login_user(user)