Enable password strength validation by default

Use Django's built-in password validators with reasonable settings, and
add a basic complexity validator since there isn't one provided.

Additionally, fix the registration form so that it shows the help text
which includes a description of what the password requirements are.

Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>

docker/settings.py

@@ -162,6 +162,28 @@ AUTHENTICATION_BACKENDS = [
     'django.contrib.auth.backends.ModelBackend',
 ]
 
+# Password validation
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+        'OPTIONS': {
+            'min_length': 8,
+        }
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+    },
+    {
+        'NAME': 'password_validation.ComplexityValidator',
+    },
+]
+
 REST_FRAMEWORK = {
     'DEFAULT_PERMISSION_CLASSES': (
         'layerindex.restperm.ReadOnlyPermission',

password_validation.py

@@ -0,0 +1,25 @@
+from django.core.exceptions import ValidationError
+from django.utils.translation import ugettext as _
+
+import re
+
+class ComplexityValidator(object):
+    def validate(self, password, user=None):
+        score = 0
+        if re.search('[0-9]', password):
+            score += 1
+        if password.lower() != password:
+            score += 1
+        if re.search('[^a-zA-Z0-9]', password):
+            score += 1
+
+        if score < 2:
+            raise ValidationError(
+                _("This password does not contain at least two of: upper/lowercase characters; a number; a special (non-alphanumeric) character."),
+                code='password_too_simple'
+            )
+
+    def get_help_text(self):
+        return _(
+            "Your password must contain at least two of: upper/lowercase characters; a number; a special (non-alphanumeric) character"
+        )

settings.py

@@ -162,6 +162,28 @@ AUTHENTICATION_BACKENDS = [
     'django.contrib.auth.backends.ModelBackend',
 ]
 
+# Password validation
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+        'OPTIONS': {
+            'min_length': 8,
+        }
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+    },
+    {
+        'NAME': 'password_validation.ComplexityValidator',
+    },
+]
+
 REST_FRAMEWORK = {
     'DEFAULT_PERMISSION_CLASSES': (
         'layerindex.restperm.ReadOnlyPermission',

templates/registration/registration_form.html

@@ -20,6 +20,9 @@
             <div class="controls">
                 {{ field }}
             </div>
+        <p>
+        {{ field.help_text|safe }}
+        </p>
         </div>
     {% endfor %}