From 802ee508f83a9ffb86b00f39837b7312145d4a06 Mon Sep 17 00:00:00 2001
From: Alexander Todorov
Date: Sun, 1 Jan 2023 12:40:55 +0200
Subject: [PATCH] Enable password validators to avoid users chosing weak passwords
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- password can’t be too similar to your other personal information.
- password must contain at least 10 characters.
- password can’t be a commonly used password.
- password can’t be entirely numeric.
Existing users are advised to reset their passwords!
---
 tcms/settings/common.py | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/tcms/settings/common.py b/tcms/settings/common.py
index 96fe777917..9dfed7fdf8 100644
--- a/tcms/settings/common.py
+++ b/tcms/settings/common.py
@@ -92,6 +92,25 @@
 # handler!
 AUTO_APPROVE_NEW_USERS = True
+# Password validation rules, see
+# https://docs.djangoproject.com/en/4.1/topics/auth/passwords/#enabling-password-validation
+AUTH_PASSWORD_VALIDATORS = [
+ {
+ "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
+ },
+ {
+ "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
+ "OPTIONS": {
+ "min_length": 10,
+ },
+ },
+ {
+ "NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
+ },
+ {
+ "NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
+ },
+]
 # Set to False if you want to enforce account creation by admins.
 REGISTRATION_ENABLED = (
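Review bot: The comment above `AUTH_PASSWORD_VALIDATORS` should say where these rules are actually enforced, because Django runs the validators only where `validate_password()` is called (its built-in password forms and the `createsuperuser`/`changepassword` commands) and not at the model level. Any path in this project that calls `set_password()` or `create_user()` directly, for example an API method or a custom registration form, would still accept a weak password; none is visible in this hunk, so that needs confirming against the callers. I would add `# NOTE: only enforced where validate_password() is called; set_password()/create_user() do not validate.` under the docs URL. The `REGISTRATION_ENABLED` assignment that follows continues outside the hunk.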