refacto password validation by adds chanes in class PasswordResetForm instead of in functions, AND readds validators in registration function because of required caracter of the password fields

canaille/app/forms.py

@@ -123,23 +123,6 @@ def compromised_password_validator(form, field):
             )
 
 
-def form_password_validation(password, confirmation, password_field_name):
-    password.validators = [
-        wtforms.validators.DataRequired(),
-        password_length_validator,
-        password_too_long_validator,
-        compromised_password_validator,
-    ]
-    confirmation.validators = [
-        wtforms.validators.DataRequired(),
-        wtforms.validators.EqualTo(
-            password_field_name, message=_("Password and confirmation do not match.")
-        ),
-    ]
-    password.flags.required = True
-    confirmation.flags.required = True
-
-
 def email_validator(form, field):
     try:
         import email_validator  # noqa: F401

canaille/core/endpoints/account.py

@@ -30,8 +30,10 @@ from canaille.app.flask import smtp_needed
 from canaille.app.flask import user_needed
 from canaille.app.forms import IDToModel
 from canaille.app.forms import TableForm
-from canaille.app.forms import form_password_validation
+from canaille.app.forms import compromised_password_validator
 from canaille.app.forms import is_readonly
+from canaille.app.forms import password_length_validator
+from canaille.app.forms import password_too_long_validator
 from canaille.app.forms import set_readonly
 from canaille.app.forms import set_writable
 from canaille.app.i18n import gettext as _
@@ -312,7 +314,20 @@ def registration(data=None, hash=None):
     if not is_readonly(form["emails"]) and emails_readonly:
         set_readonly(form["emails"])
 
-    form_password_validation(form["password1"], form["password2"], "password1")
+    form["password1"].validators = [
+        wtforms.validators.DataRequired(),
+        password_length_validator,
+        password_too_long_validator,
+        compromised_password_validator,
+    ]
+    form["password2"].validators = [
+        wtforms.validators.DataRequired(),
+        wtforms.validators.EqualTo(
+            "password1", message=_("Password and confirmation do not match.")
+        ),
+    ]
+    form["password1"].flags.required = True
+    form["password2"].flags.required = True
 
     if not request.form or form.form_control():
         return render_template(
@@ -877,8 +892,6 @@ def reset(user):
     if user != current_user() or not user.has_expired_password():
         abort(403)
 
-    form_password_validation(form["password"], form["confirmation"], "password")
-
     if request.form and form.validate():
         Backend.instance.set_user_password(user, form.password.data)
         login_user(user)

canaille/core/endpoints/auth.py

@@ -14,7 +14,6 @@ from canaille.app import get_b64encoded_qr_image
 from canaille.app import mask_email
 from canaille.app import mask_phone
 from canaille.app.flask import smtp_needed
-from canaille.app.forms import form_password_validation
 from canaille.app.i18n import gettext as _
 from canaille.app.session import current_user
 from canaille.app.session import login_user
@@ -263,8 +262,6 @@ def reset(user, hash):
         )
         return redirect(url_for("core.account.index"))
 
-    form_password_validation(form["password"], form["confirmation"], "password")
-
     if request.form and form.validate():
         Backend.instance.set_user_password(user, form.password.data)
         login_user(user)

canaille/core/endpoints/forms.py

@@ -68,7 +68,12 @@ class ForgottenPasswordForm(Form):
 class PasswordResetForm(Form):
     password = wtforms.PasswordField(
         _("Password"),
-        validators=[wtforms.validators.DataRequired()],
+        validators=[
+            wtforms.validators.DataRequired(),
+            password_length_validator,
+            password_too_long_validator,
+            compromised_password_validator,
+        ],
         render_kw={
             "autocomplete": "new-password",
         },