password_validators_help_text_html(password_validators=None) Returns an HTML string with all help texts in an <ul>. This is helpful when adding password validation to forms, as you can pass the output directly to the help_text parameter of a form field.

user_logged_in() Sent when a user logs in successfully. Arguments sent with this signal: sender The class of the user that just logged in. request The current HttpRequest instance. user The user instance that just logged in.

validate_password(password, user=None, password_validators=None) [source] Validates a password. If all validators find the password valid, returns None. If one or more validators reject the password, raises a ValidationError with all the error messages from the validators. The user object is optional: if it’s not provided, some validators may not be able to perform any validation and will accept any password.

password_changed(password, user=None, password_validators=None) [source] Informs all validators that the password has been changed. This can be used by validators such as one that prevents password reuse. This should be called once the password has been successfully changed. For subclasses of AbstractBaseUser, the password field will be marked as “dirty” when calling set_password() which triggers a call to password_changed() after the user is saved.

class NumericPasswordValidator [source] Validates whether the password is not entirely numeric.

class CommonPasswordValidator(password_list_path=DEFAULT_PASSWORD_LIST_PATH) [source] Validates whether the password is not a common password. By default, this checks against a list of 1000 common password created by Mark Burnett. The password_list_path can be set to the path of a custom file of common passwords. This file should contain one password per line and may be plain text or gzipped.

class MinimumLengthValidator(min_length=8) [source] Validates whether the password meets a minimum length. The minimum length can be customized with the min_length parameter.

get_password_validators(validator_config) [source] Returns a set of validator objects based on the validator_config parameter. By default, all functions use the validators defined in AUTH_PASSWORD_VALIDATORS, but by calling this function with an alternate set of validators and then passing the result into the password_validators parameter of the other functions, your custom set of validators will be used instead. This is useful when you have a typical set of validators to use for most scenar

create_user(username, email=None, password=None, **extra_fields) Creates, saves and returns a User. The username and password are set as given. The domain portion of email is automatically converted to lowercase, and the returned User object will have is_active set to True. If no password is provided, set_unusable_password() will be called. The extra_fields keyword arguments are passed through to the User’s __init__ method to allow setting arbitrary fields on a custom User model. See Creatin

set_unusable_password() Marks the user as having no password set. This isn’t the same as having a blank string for a password. check_password() for this user will never return True. Doesn’t save the User object. You may need this if authentication for your application takes place against an existing external source such as an LDAP directory.