From b9c9f5b813c5da57360d0b2cd89a680692913317 Mon Sep 17 00:00:00 2001
From: Matthias <code@mjmair.com>
Date: Fri, 17 Jun 2022 01:43:22 +0200
Subject: [PATCH] validate that password matches the rules

---
 InvenTree/InvenTree/views.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/InvenTree/InvenTree/views.py b/InvenTree/InvenTree/views.py
index 3c50a449044..26f7f5ecf58 100644
--- a/InvenTree/InvenTree/views.py
+++ b/InvenTree/InvenTree/views.py
@@ -8,8 +8,10 @@
 import os
 
 from django.conf import settings
+from django.contrib.auth import password_validation
 from django.contrib.auth.mixins import (LoginRequiredMixin,
                                         PermissionRequiredMixin)
+from django.core.exceptions import ValidationError
 from django.http import HttpResponse, HttpResponseRedirect, JsonResponse
 from django.shortcuts import redirect
 from django.template.loader import render_to_string
@@ -560,8 +562,16 @@ def post(self, request, *args, **kwargs):
                 valid = False
 
         if valid:
-            user.set_password(p1)
-            user.save()
+            try:
+                # Validate password
+                password_validation.validate_password(p1, user)
+
+                # Update the user
+                user.set_password(p1)
+                user.save()
+            except ValidationError as error:
+                form.add_error('confirm_password', str(error))
+                valid = False
 
         return self.renderJsonResponse(request, form, data={'form_valid': valid})