Check Password Validity (Django/Python)

Question

I have a very small Django app, mostly just for learning purposes. I am using the inbuilt User model provided by Django. To learn the functionality, I've created pages which allow me to create and edit users without having to go to the admin panel.

The register page allows me to very easily check for things like password and email validity, as when I POST to a View, I simply use user_form.is_valid() to check the fields are correct (username is less than 30 characters, password less than 128, other conditions...).

For my edit page, I wanted to make the content more responsive so I have made use of AJAX requests via JQuery, allowing me to perform actions without reloading the page. This works great, but it does leave me with the problem of checking validity, as I am not sending the form, I am just using Javascript to pick out the queries and send them in an AJAX request as such:

$.get('/dms/edit_user_changeuser/', {inputNameSend : $("#inputname").val(), usernameToSend : $("#usernameID").val(), emailToSend : $("#emailID").val(),passwordToSend : $("#passwordID").val(), disabledToSend : checkedVal}, function(data){
            if(data != "success"){
                $("#errorDisplay").show();
            }else{
                $("#savedDisplay").show();
                $("#user_form").hide();
            }
});

And this is how the associated View handles it:

@login_required
def user_edit_changeuser(request):
    # Like before, get the request's context.
    context = RequestContext(request)

    inputname = request.GET['inputNameSend']
    newUsername = request.GET['usernameToSend']
    newEmail = request.GET['emailToSend']
    newPassword = request.GET['passwordToSend']
    if(request.GET['disabledToSend'] == "true"):
        disabledBool = False
    else:
        disabledBool = True
    try:
        user_obj = User.objects.get(username=inputname)
        print("retUser")
        user_obj.username = newUsername
        user_obj.email = newEmail
        user_obj.is_active = disabledBool
        user_obj.set_password(newPassword)
        user_obj.save()
        print(str(disabledBool))
        return HttpResponse("success")
    except Exception, e:
        return HttpResponse(str(e))

This all works assuming input is valid, but is there something like User.checkValidPassword(newPassword) to manually check validity?

Answer 1

User instances have a method check_password which does exactly what you want it to do

user = User.object.get(username=inputname)
user.checK_password('a_password')

The above checks to see if the current users password matches what is saved in the db. If you were instead asking about validating to make sure the newPassword is valid ie. is the proper length, contains numbers, etc. There is no reason you cannot use a form to validate the user input, just as you would if it were not an AJAX based view

---

as a side note, it is not necessarly the best thing to catch all exceptions in python. It can mask all sorts of errors that you want to see fail!

if you are expecting that a user might not exist do it explicitly.

try:
    user = User.object.get(username=inputname)
except User.DoesNotExist:
    # all other expections will not be caught!