diff --git a/canaille/app/forms.py b/canaille/app/forms.py
index f9a6934a..fc568352 100644
--- a/canaille/app/forms.py
+++ b/canaille/app/forms.py
@@ -123,23 +123,6 @@ def compromised_password_validator(form, field):
 )
-def form_password_validation(password, confirmation, password_field_name):
- password.validators = [
- wtforms.validators.DataRequired(),
- password_length_validator,
- password_too_long_validator,
- compromised_password_validator,
- ]
- confirmation.validators = [
- wtforms.validators.DataRequired(),
- wtforms.validators.EqualTo(
- password_field_name, message=_("Password and confirmation do not match.")
- ),
- ]
- password.flags.required = True
- confirmation.flags.required = True
-
-
 def email_validator(form, field):
 try:
 import email_validator # noqa: F401
diff --git a/canaille/core/endpoints/account.py b/canaille/core/endpoints/account.py
index e19ab69d..507a375a 100644
--- a/canaille/core/endpoints/account.py
+++ b/canaille/core/endpoints/account.py
@@ -30,8 +30,10 @@ from canaille.app.flask import smtp_needed
 from canaille.app.flask import user_needed
 from canaille.app.forms import IDToModel
 from canaille.app.forms import TableForm
-from canaille.app.forms import form_password_validation
+from canaille.app.forms import compromised_password_validator
 from canaille.app.forms import is_readonly
+from canaille.app.forms import password_length_validator
+from canaille.app.forms import password_too_long_validator
 from canaille.app.forms import set_readonly
 from canaille.app.forms import set_writable
 from canaille.app.i18n import gettext as _
@@ -312,7 +314,20 @@ def registration(data=None, hash=None):
 if not is_readonly(form["emails"]) and emails_readonly:
 set_readonly(form["emails"])
- form_password_validation(form["password1"], form["password2"], "password1")
+ form["password1"].validators = [
+ wtforms.validators.DataRequired(),
+ password_length_validator,
+ password_too_long_validator,
+ compromised_password_validator,
+ ]
+ form["password2"].validators = [
+ wtforms.validators.DataRequired(),
+ wtforms.validators.EqualTo(
+ "password1", message=_("Password and confirmation do not match.")
+ ),
+ ]
+ form["password1"].flags.required = True
+ form["password2"].flags.required = True
 if not request.form or form.form_control():
 return render_template(
@@ -877,8 +892,6 @@ def reset(user):
 if user != current_user() or not user.has_expired_password():
 abort(403)
- form_password_validation(form["password"], form["confirmation"], "password")
-
 if request.form and form.validate():
 Backend.instance.set_user_password(user, form.password.data)
 login_user(user)
diff --git a/canaille/core/endpoints/auth.py b/canaille/core/endpoints/auth.py
index a4004ef5..e8caac0d 100644
--- a/canaille/core/endpoints/auth.py
+++ b/canaille/core/endpoints/auth.py
@@ -14,7 +14,6 @@ from canaille.app import get_b64encoded_qr_image
 from canaille.app import mask_email
 from canaille.app import mask_phone
 from canaille.app.flask import smtp_needed
-from canaille.app.forms import form_password_validation
 from canaille.app.i18n import gettext as _
 from canaille.app.session import current_user
 from canaille.app.session import login_user
@@ -263,8 +262,6 @@ def reset(user, hash):
 )
 return redirect(url_for("core.account.index"))
- form_password_validation(form["password"], form["confirmation"], "password")
-
 if request.form and form.validate():
 Backend.instance.set_user_password(user, form.password.data)
 login_user(user)
diff --git a/canaille/core/endpoints/forms.py b/canaille/core/endpoints/forms.py
index d45d2173..9f700e4f 100644
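Review bot: The password policy for `password1` in `registration()` (canaille/core/endpoints/account.py) is now an inline copy of the same validators this commit also adds to `PasswordResetForm.password`, so the two lists can drift apart when the policy is tightened. Consider defining the sequence once next to the validators in `canaille/app/forms.py` and referencing it from both places, so a change to length or compromised-password checks applies to registration and reset alike. The added lines also reference `wtforms.validators` directly while the import hunk for this file adds only `canaille.app.forms` names, so `import wtforms` must already be present above line 30; that is worth confirming. `registration()` starts and ends outside the hunk.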
--- a/canaille/core/endpoints/forms.py
+++ b/canaille/core/endpoints/forms.py
@@ -68,7 +68,12 @@ class ForgottenPasswordForm(Form):
 class PasswordResetForm(Form):
 password = wtforms.PasswordField(
 _("Password"),
- validators=[wtforms.validators.DataRequired()],
+ validators=[
+ wtforms.validators.DataRequired(),
+ password_length_validator,
+ password_too_long_validator,
+ compromised_password_validator,
+ ],
 render_kw={
 "autocomplete": "new-password",
 },
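Review bot: Only the `password` field of `PasswordResetForm` gains validators here, whereas the removed `form_password_validation()` also forced `DataRequired()` and `EqualTo(...)` onto the confirmation field for both `reset` endpoints. The class body continues past this hunk, so it is not visible whether `confirmation` already declares them; if it does not, a reset with an empty or mismatched confirmation would now pass `form.validate()`. Please check that the field carries `wtforms.validators.DataRequired()` and `wtforms.validators.EqualTo("password", message=_("Password and confirmation do not match."))`, and add a test that posts differing values to both reset views. The three validator names must also already be imported in this file, since the diff shows no import hunk for it.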