Kévin Etienne

When updating and changing a password we have 2 validators: - [`password_strength_validation`](https://github.com/incuna/django-user-management/blob/a40c36b961d76bebc5437a776ada9045a27e1b83/user_management/utils/validators.py) - [`validate_new_password2`](https://github.com/incuna/django-user-management/blob/a40c36b961d76bebc5437a776ada9045a27e1b83/user_management/api/serializers.py#L132) If `password_strength_validation` raises an error the value for `new_password` would not be in the data and...

Can the `subject` be passed through the notification? Or be overridden by the notification if present?

Did you add `manage.py` and `settings.py` on purpose?

It looks like we are already making the distinction between: - a bad password - an inactive account Maybe the first one should return a 401?

Looks very interesting :) (It looks like there's a typo in the link, it resolves to a github page)