Adding Password Requirements to Django's Admin Interface

Question

The "Overview" section of the "User authentication in Django" documentation says that the authentication system in Django doesn't provide password strength checking. I wrote a form class that adds some basic password requirements such as minimum character length. I'm trying to implement it in Django's admin interface. As far as I know, there are three places I will need to implement my password requirements:

1. Creating a user: /admin/auth/user/add/
2. Changing a user's password: /admin/auth/user/1/password/
3. Changing my own password: /admin/password_change/

I can take care of the first two by subclassing UserAdmin and specifying add_form and change_password_form:

https://github.com/django/django/blob/1.8.2/django/contrib/auth/admin.py#L58-L59

How can I get the third one (changing my own password) to use my password requirements? The code is a little above me:

https://github.com/django/django/blob/1.8.2/django/contrib/admin/sites.py#L314

Answer 1

Obviously by sub-classing and using your own AdminSite

# my_admin.py
class MyAdminSite(AdminSite):
    def password_change(self, request, extra_context=None):
        ...

 site = MyAdminSite()

You can disable autodiscovery for default admin site, by using AdminConfig for INSTALLED_APPS settings (django 1.8+ only)

INSTALLED_APPS = (
   'django.contrib.admin.apps.AdminConfig',
   ...
)

And then you have to manually register required models to your new admin site.