Validate password strength when resetting password

The canonical-identity-provider api should validate password resets in the exact same way the website does.

Anthony, can you explain in more detail what do you mean by that?

Yup.

In webservice's models.py, set_new_password currently isn't calling password_policy_compliant to verify the strength of the password, so (if a consumer doesn't validate the password for us) the user could end up with a very weak password or even an empty one.

The only other place where you can set your password via the api is when you register(). The code currently uses a form to validate the parameters you pass in here, and this form calls password_policy_compliant in its validation code. I think ideally we'd do the same in set_new_password.

Within ubuntu-sso-client, we also need to validate that password1 and password2 match.

Passes for sso on ec2

This bug was fixed in the package ubuntu-sso-client - 0.99.4-0ubuntu1

---------------
ubuntu-sso-client (0.99.4-0ubuntu1) maverick; urgency=low

  * New upstream release:

  [ <email address hidden> ]
    * Validate form data for verify token page, request password token and set
    new password (LP: #625361).
    * Validate password strength on reset password page (LP: #616528).
    * Labels are not as wide as the parent windowm but a little bit less wide
    (LP: #625009).

  [ Alejandro J. Cura <email address hidden> ]
    * Store the credentials after the email validation step (LP: #625003)

  [ <email address hidden>
    * Every form can be submitted by activating the buttons and/or the entries
    (LP: #616421).

  [ David Planella <email address hidden> ]
    * Make setup.py actually use python-distutils-extra, which will allow the
    .deb package to build the POT file required to import translations into
    Launchpad (LP: #624891).

  [ <email address hidden> ]
    * Errors from SSO servers are being shown now to users, matching
    error-specific to fields (LP: #616101).
    * Also, be robust when SSO server answer with a string where it's supposed
    to be a list (LP: #623447).

  [ Alejandro J. Cura <email address hidden> ]
    * Use the keyring unlocking gnomekeyring APIs (LP: #623622)
    * Search all keyrings for the credentials (LP: #624033)

  [ <email address hidden> ]
    * Customize "help_text" for the login only dialog (LP: #624097).
    * Label areas are as wide as the parent window (LP: #616551).

  [ Alejandro J. Cura <email address hidden> ]
    * The list of error strings as returned by the SSO webservice can't go thru
    DBus (LP: #624358).
 -- Sebastien Bacher <email address hidden> Mon, 30 Aug 2010 19:10:13 +0200

Was part of the Doctest that dsowen ran for me. Pass in Staging.