mathesar-foundation · Anish9901 · Apr 22, 2024 · Apr 12, 2024 · Apr 12, 2024 · Apr 12, 2024
diff --git a/mathesar/api/ui/serializers/users.py b/mathesar/api/ui/serializers/users.py
@@ -1,6 +1,7 @@
 from django.contrib.auth.password_validation import validate_password
 from rest_access_policy import FieldAccessMixin, PermittedPkRelatedField
 from rest_framework import serializers
+import django.contrib.auth.password_validation as validators
 
 from mathesar.api.db.permissions.database import DatabaseAccessPolicy
 from mathesar.api.db.permissions.schema import SchemaAccessPolicy
@@ -71,23 +72,30 @@
 
 
 class ChangePasswordSerializer(MathesarErrorMessageMixin, serializers.Serializer):
-    password = serializers.CharField(write_only=True, required=True, validators=[validate_password])
+    password = serializers.CharField(write_only=True, required=True)
     old_password = serializers.CharField(write_only=True, required=True)
 
     def validate_old_password(self, value):
         user = self.context['request'].user
         if user.check_password(value) is True:
-            return value
+           return value 
         raise IncorrectOldPassword(field='old_password')
 
+    def validate_password(self, value):
+        try:
+            validate_password(value)
+        except serializers.ValidationError as exc:
+            raise serializers.ValidationError(str(exc))
+        return value
+
     def update(self, instance, validated_data):
         instance.set_password(validated_data['password'])
         instance.save()
         return instance
 
 
 class PasswordResetSerializer(MathesarErrorMessageMixin, serializers.Serializer):
-    password = serializers.CharField(write_only=True, required=True, validators=[validate_password])
+    password = serializers.CharField(write_only=True, required=True)
 
 
 class DatabaseRoleSerializer(MathesarErrorMessageMixin, serializers.ModelSerializer):

diff --git a/mathesar/tests/api/test_user_api.py b/mathesar/tests/api/test_user_api.py
@@ -61,10 +61,11 @@ def test_user_password_reset_non_superuser(client_bob, user_bob):
 
 
 def test_user_password_change(client_bob, user_bob):
-    new_password = 'new_password'
+    new_password = 'NewPass0!'
+    old_password = 'password'
     data = {
-        'password': new_password,
-        'old_password': 'password'
+        'password': 'NewPass0!',
+        'old_password': old_password
     }
     response = client_bob.post('/api/ui/v0/users/password_change/', data=data)
     assert response.status_code == 200