Fixed #16860 -- Added password validation to django.contrib.auth.

tests/auth_tests/test_forms.py

@@ -263,6 +263,24 @@ class SetPasswordFormTest(TestDataMixin, TestCase):
         form = SetPasswordForm(user, data)
         self.assertTrue(form.is_valid())
 
+    @override_settings(AUTH_PASSWORD_VALIDATORS=[
+        {'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator'},
+        {'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', 'OPTIONS': {
+            'min_length': 12,
+        }},
+    ])
+    def test_validates_password(self):
+        user = User.objects.get(username='testclient')
+        data = {
+            'new_password1': 'testclient',
+            'new_password2': 'testclient',
+        }
+        form = SetPasswordForm(user, data)
+        self.assertFalse(form.is_valid())
+        self.assertEqual(len(form["new_password2"].errors), 2)
+        self.assertTrue('The password is too similar to the username.' in form["new_password2"].errors)
+        self.assertTrue('This password is too short. It must contain at least 12 characters.' in form["new_password2"].errors)
+
 
 @override_settings(USE_TZ=False, PASSWORD_HASHERS=['django.contrib.auth.hashers.SHA1PasswordHasher'])
 class PasswordChangeFormTest(TestDataMixin, TestCase):