This Pluggable Authentication Service (PAS) plugin will lock a login after a predetermined number of incorrect attempts. Once locked, the user will be shown a page that tells them to contact their administrator to unlock.
Project description
PasswordStrength
This Pluggable Authentication Service (PAS) plugin validates passwords against regular expression rules. These rules can enforce password strength requirements such as minimum length and required characters. This plugin also contains a patch that makes Plone use PAS validation.
Requires:
PluggableAuthService and its dependencies
(optional) PlonePAS and its dependencies
Plone 4.1 or 4.2.
Installation
Place the Product directory ‘PasswordStrength’ in your ‘Products/’ directory. Restart Zope.
In your PAS ‘acl_users’, select ‘PasswordStrength’ from the add list. Give it an id and title, and push the add button.
Enable the ‘Validation’ plugin interfaces in the after-add screen.
Click on the properties tab and edit the validation rules.
To use with Plone, you need to install PasswordStrength using quickinstaller.
That’s it! Test it out.
Note: PasswordStrength doesn’t currently generate new passwords. This means that you will need to change Plone’s security settings so that users enter passwords manually rather than having them autogenerated.
Implementation
A PAS plugin for Validation checks the password against each regular expression listed in the properties. Any rules that fail result in the associated error messages being returned.
Plone doesn’t use PAS to validate passwords, so the product includes a patch to Products.CMFPlone.RegistrationTool.RegistrationTool.testPasswordValidity that makes Plone use PAS validation plugins.
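The rule check described above, as an added example that is not the product's own code: it runs stand-alone without Zope. The names SAMPLE_RULES, compile_rules and validate_password, the sample policy, the use of re.match and the shape of the returned error entries are all assumptions made for illustration.

```python
import re

# Constructed sample rules: (regular expression, error message) pairs, standing
# in for what an administrator would enter on the plugin's properties tab.
SAMPLE_RULES = [
    (r".{10}", "Minimum 10 characters."),
    (r".*[A-Z]", "Minimum 1 capital letter."),
    (r".*[a-z]", "Minimum 1 lowercase letter."),
    (r".*[0-9]", "Minimum 1 number."),
    (r".*[^0-9a-zA-Z]", "Minimum 1 non-alphanumeric character."),
]


def compile_rules(rules):
    """Compile every rule up front so a mistyped pattern is rejected when the
    policy is saved, not silently skipped when a user sets a password."""
    compiled = []
    for pattern, message in rules:
        try:
            compiled.append((re.compile(pattern, re.DOTALL), message))
        except re.error as exc:
            raise ValueError("invalid rule %r: %s" % (pattern, exc))
    return compiled


def validate_password(password, compiled_rules):
    """Return one error entry per failed rule (hypothetical entry shape); an
    empty list means the password satisfies the whole policy."""
    errors = []
    for regex, message in compiled_rules:
        # match() anchors at the start of the string only, so each pattern
        # must describe the password from its first character.
        if regex.match(password) is None:
            errors.append({"id": "password", "error": message})
    return errors


if __name__ == "__main__":
    policy = compile_rules(SAMPLE_RULES)
    for candidate in ("secret", "Tr0ub4dor&3xyz"):
        print(candidate, [e["error"] for e in validate_password(candidate, policy)])
```

Because every failed rule contributes its own message, the user sees all unmet requirements at once instead of fixing them one submission at a time.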
TODO
Do password generation from regexp. This looks possible: http://stackoverflow.com/questions/492716/reversing-a-regular-expression-in-python
Do password expiration.
Copyright, License, Author
Copyright (c) 2007, PretaWeb, Australia, and the respective authors. All rights reserved.
Author: Dylan Jay <software@pretaweb.com>
License BSD-ish, see LICENSE.txt
Credits
Thanks to Daniel Nouri and BlueDynamics for their NoDuplicateLogin which served as the base for this.
Changes
0.3.1 (2013-11-20)
Bugfix for use inside change-password
Don’t validate password strength of old password (pysailor)
0.3 (2013-08-18)
Added a monkey-patch for the zope.schema Password field to validate the password. This is necessary for the Plone 4 @@new-user form to work well. [regebro]
Earlier versions
0.2 - Packaged as egg. Plone 3.1 compatible
0.1 - Initial version. Plone 2.5 compatible
Download files
Source Distribution
Hashes for Products.PasswordStrength-0.3.1.zip
Algorithm | Hash digest |
---|---|
SHA256 | 99914582c77e1a44c8d4fd2ce4f632b20c6ddc05c20730088eeb8527f8dd064a |
MD5 | ec7f7190fb71b5810160c3944555aea0 |
BLAKE2b-256 | 553090914c0e632f78a02655a110c56d83e659e03ff6b68c8d61b04d0adc4e1d |