addition of validation to minimum and maximum password settings (#12798)

* update minimum and maximum password length validation in system settings form

* update minimum and maximum password length validation in system settings serializer

* Apply suggestions from code review

* Update dojo/api_v2/serializers.py

* move validation to model

* fix ruff

* add migration

Author: blakeaowens

dojo/db_migrations/0234_alter_system_settings_maximum_password_length_and_more.py

@@ -0,0 +1,24 @@
+# Generated by Django 5.1.8 on 2025-07-17 20:45
+
+import django.core.validators
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('dojo', '0233_remove_test_actual_time_remove_test_estimated_time'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='system_settings',
+            name='maximum_password_length',
+            field=models.IntegerField(default=48, help_text='Requires user to set passwords less than maximum length.', validators=[django.core.validators.MinValueValidator(9), django.core.validators.MaxValueValidator(48)], verbose_name='Maximum password length'),
+        ),
+        migrations.AlterField(
+            model_name='system_settings',
+            name='minimum_password_length',
+            field=models.IntegerField(default=9, help_text='Requires user to set passwords greater than minimum length.', validators=[django.core.validators.MinValueValidator(9), django.core.validators.MaxValueValidator(48)], verbose_name='Minimum password length'),
+        ),
+    ]

dojo/models.py

@@ -618,11 +618,13 @@ class System_Settings(models.Model):
     minimum_password_length = models.IntegerField(
         default=9,
         verbose_name=_("Minimum password length"),
-        help_text=_("Requires user to set passwords greater than minimum length."))
+        help_text=_("Requires user to set passwords greater than minimum length."),
+        validators=[MinValueValidator(9), MaxValueValidator(48)])
     maximum_password_length = models.IntegerField(
         default=48,
         verbose_name=_("Maximum password length"),
-        help_text=_("Requires user to set passwords less than maximum length."))
+        help_text=_("Requires user to set passwords less than maximum length."),
+        validators=[MinValueValidator(9), MaxValueValidator(48)])
     number_character_required = models.BooleanField(
         default=True,
         blank=False,
@@ -665,6 +667,19 @@ class System_Settings(models.Model):
     from dojo.middleware import System_Settings_Manager
     objects = System_Settings_Manager()
 
+    def clean(self):
+        super().clean()
+
+        if (
+            self.minimum_password_length is not None
+            and self.maximum_password_length is not None
+        ):
+            if self.minimum_password_length > self.maximum_password_length:
+                msg = "Minimum required password length must be larger than the maximum required password length."
+                raise ValidationError({
+                    "minimum_password_length": msg,
+                })
+
 
 class SystemSettingsFormAdmin(forms.ModelForm):
     product_grade = forms.CharField(widget=forms.Textarea)