mathesar-foundation · Anish9901 · Apr 22, 2024 · Apr 12, 2024 · Apr 12, 2024 · Apr 12, 2024
diff --git a/mathesar/api/ui/serializers/users.py b/mathesar/api/ui/serializers/users.py
@@ -1,4 +1,5 @@
 from django.contrib.auth.password_validation import validate_password
+from django.core.exceptions import ValidationError as DjangoValidationError
 from rest_access_policy import FieldAccessMixin, PermittedPkRelatedField
 from rest_framework import serializers
 
@@ -71,7 +72,7 @@ def create(self, validated_data):
 
 
 class ChangePasswordSerializer(MathesarErrorMessageMixin, serializers.Serializer):
-    password = serializers.CharField(write_only=True, required=True, validators=[validate_password])
+    password = serializers.CharField(write_only=True, required=True)
     old_password = serializers.CharField(write_only=True, required=True)
 
     def validate_old_password(self, value):
@@ -80,14 +81,21 @@ def validate_old_password(self, value):
             return value
         raise IncorrectOldPassword(field='old_password')
 
+    def validate_password(self, value):
+        try:
+            validate_password(value)
+        except DjangoValidationError as e:
+            raise e
+        return value
+
     def update(self, instance, validated_data):
         instance.set_password(validated_data['password'])
         instance.save()
         return instance
 
 
 class PasswordResetSerializer(MathesarErrorMessageMixin, serializers.Serializer):
-    password = serializers.CharField(write_only=True, required=True, validators=[validate_password])
+    password = serializers.CharField(write_only=True, required=True)
 
 
 class DatabaseRoleSerializer(MathesarErrorMessageMixin, serializers.ModelSerializer):

diff --git a/mathesar/tests/api/test_user_api.py b/mathesar/tests/api/test_user_api.py
@@ -61,17 +61,31 @@ def test_user_password_reset_non_superuser(client_bob, user_bob):
 
 
 def test_user_password_change(client_bob, user_bob):
-    new_password = 'new_password'
+    new_password = 'NewPass0!'
+    old_password = 'password'
     data = {
         'password': new_password,
-        'old_password': 'password'
+        'old_password': old_password
     }
     response = client_bob.post('/api/ui/v0/users/password_change/', data=data)
     assert response.status_code == 200
     user_bob.refresh_from_db()
     assert user_bob.check_password(new_password) is True
 
 
+def test_user_password_change_invalid(client_bob, user_bob):
+    new_password = 'new_pwd'
+    old_password = 'password'
+    data = {
+        'password': new_password,
+        'old_password': old_password
+    }
+    response = client_bob.post('/api/ui/v0/users/password_change/', data=data)
+    assert response.status_code == 400
+    user_bob.refresh_from_db()
+    assert user_bob.check_password(new_password) is False
+
+
 def test_diff_user_detail_as_non_superuser(client_bob, admin_user):
     response = client_bob.get(f'/api/ui/v0/users/{admin_user.id}/')
     response_data = response.json()