Fixed #25052; refs #16860 -- Added password validation to UserCreationForm.

1 files changed, 21 insertions, 0 deletions

diff --git a/tests/auth_tests/test_forms.py b/tests/auth_tests/test_forms.py
index ab1cff3ea3..aa0a6af41a 100644
--- a/tests/auth_tests/test_forms.py
+++ b/tests/auth_tests/test_forms.py
@@ -132,6 +132,27 @@ class UserCreationFormTest(TestDataMixin, TestCase):
         self.assertEqual(password_changed.call_count, 1)
         self.assertEqual(repr(u), '<User: jsmith@example.com>')
 
+    @override_settings(AUTH_PASSWORD_VALIDATORS=[
+        {'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'},
+        {'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', 'OPTIONS': {
+            'min_length': 12,
+        }},
+    ])
+    def test_validates_password(self):
+        data = {
+            'username': 'testclient',
+            'password1': 'testclient',
+            'password2': 'testclient',
+        }
+        form = UserCreationForm(data)
+        self.assertFalse(form.is_valid())
+        self.assertEqual(len(form['password2'].errors), 2)
+        self.assertIn('The password is too similar to the username.', form['password2'].errors)
+        self.assertIn(
+            'This password is too short. It must contain at least 12 characters.',
+            form['password2'].errors
+        )
+
 
 @override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'])
 class AuthenticationFormTest(TestDataMixin, TestCase):