starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-01-11 21:10:29 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

Configured password validators are not executing when creating a new user or changing the password for existing user #10003

New Issue
Closed
opened 2025-12-29 21:25:30 +01:00 by adam · 2 comments
adam commented 2025-12-29 21:25:30 +01:00
Owner
Copy Link

Originally created by @nishant131 on GitHub (Jul 24, 2024).

Originally assigned to: @nishant131 on GitHub.

Deployment Type

NetBox Cloud

NetBox Version

v4.0.7

Python Version

3.10

Steps to Reproduce

  1. Configure password validation in the netbox/netbox/configuration.py file. Refer below code for the same:
AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
        'OPTIONS': {
            'min_length': 8,
        }
    }
]
  1. Login as a superuser.
  2. Click "Admin" -> "Authentication" -> "Users"
  3. Click on "+ Add".
  4. Fill the details for the user and set password and confirm password as pass1.
  5. Click "Create".
  6. User gets created successfully.

Instead of adding a new user from step 4 to 6, we can also just update the password for an existing users, and set it as pass1. The result would be the same.

Expected Behavior

User creation or password updation should fail from "Admin" -> "Authentication" -> "Users".

Observed Behavior

User is being created without adhering to the configured password policy.

Originally created by @nishant131 on GitHub (Jul 24, 2024). Originally assigned to: @nishant131 on GitHub. ### Deployment Type NetBox Cloud ### NetBox Version v4.0.7 ### Python Version 3.10 ### Steps to Reproduce 1. Configure password validation in the `netbox/netbox/configuration.py` file. Refer below code for the same: ``` AUTH_PASSWORD_VALIDATORS = [ { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', 'OPTIONS': { 'min_length': 8, } } ] ``` 2. Login as a superuser. 3. Click "Admin" -> "Authentication" -> "Users" 4. Click on "+ Add". 5. Fill the details for the user and set password and confirm password as `pass1`. 6. Click "Create". 7. User gets created successfully. Instead of adding a new user from step 4 to 6, we can also just update the password for an existing users, and set it as `pass1`. The result would be the same. ### Expected Behavior User creation or password updation should fail from "Admin" -> "Authentication" -> "Users". ### Observed Behavior User is being created without adhering to the configured password policy.
adam added the type: bugstatus: acceptedseverity: medium labels 2025-12-29 21:25:30 +01:00
adam closed this issue 2025-12-29 21:25:30 +01:00
adam commented 2025-12-29 21:25:31 +01:00
Author
Owner
Copy Link

@nishant131 commented on GitHub (Jul 24, 2024):

The root cause for this issue is that the clean() method of UserForm class in the netbox/users/forms/model_forms.py file, we are just validating that password and confirm_password are same or not. We need to call password_validation.validate_password() over here.

@nishant131 commented on GitHub (Jul 24, 2024): The root cause for this issue is that the `clean()` method of `UserForm` class in the `netbox/users/forms/model_forms.py` file, we are just validating that password and confirm_password are same or not. We need to call `password_validation.validate_password()` over here.
adam commented 2025-12-29 21:25:31 +01:00
Author
Owner
Copy Link

@nishant131 commented on GitHub (Jul 25, 2024):

@arthanson, I can take the ownership for this issue. I have already fixed it in this commit and have verified it in my setup.
I have raised a PR, https://github.com/netbox-community/netbox/pull/16982 for the same.

@nishant131 commented on GitHub (Jul 25, 2024): @arthanson, I can take the ownership for this issue. I have already fixed it in [this](https://github.com/nishant131/netbox/commit/d3a918357cfa1289c8b1f6c27bb88b937d44d9e1) commit and have verified it in my setup. I have raised a PR, https://github.com/netbox-community/netbox/pull/16982 for the same.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
Mirrored from GitHub Pull Request
 severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
No Label severity: medium status: accepted type: bug
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/netbox#10003
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?