A Django password validator using the Pwned Passwords API to check for compromised passwords.
Project description
Django Pwned
A collection of django password validators.
Compatibility
- Python: 3.6, 3.7, 3.8, 3.9, 3.10
- Django: 3.2, 4.0
Installation
pip install django-pwned
For translations to work, add django_pwned to INSTALLED_APPS.
TL;DR:
AUTH_PASSWORD_VALIDATORS = [
{"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
{"NAME": "django_pwned.validators.GitHubLikePasswordValidator"},
{"NAME": "django_pwned.validators.MinimumUniqueCharactersPasswordValidator"},
{"NAME": "django_pwned.validators.PwnedPasswordValidator"},
]
Validators
PwnedPasswordValidator(request_timeout=1.5)
This validator uses the Pwned Passwords API to check for compromised passwords.
Internally, this validator checks password with django's
CommonPasswordValidator and if password was not in django's list,
uses Pwned API to check password. So you can remove CommonPasswordValidator
if you're using this validator.
AUTH_PASSWORD_VALIDATORS = [
# ...
# {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
{"NAME": "django_pwned.validators.PwnedPasswordValidator"},
# ...
]
You can set the API request timeout with the request_timeout parameter (in seconds).
If for any reason (connection issues, timeout, ...) the request to Pwned API fails, this validator skips checking password.
GitHubLikePasswordValidator(min_length=8, safe_length=15)
Validates whether the password is at least:
- 8 characters long, if it includes a number and a lowercase letter, or
- 15 characters long with any combination of characters
Based on Github's documentation about creating a strong password.
You may want to disable Django's NumericPasswordValidator
and MinimumLengthValidator if you want to use
GitHubLikePasswordValidator.
The minimum number of characters can be customized with the min_length
parameter. The length at which we remove the restriction about
requiring both number and lowercase letter can be customized with the
safe_length parameter.
MinimumUniqueCharactersPasswordValidator(min_unique_characters=4)
Validates whether the password contains at least 4 unique characters.
For example aaaaaaaaaabbbbbbccc is an invalid password, but aAbB is a valid password.
The minimum number of unique characters can be customized with the
min_unique_characters parameter.
Development
- Create and activate a python virtualenv.
- Install development dependencies in your virtualenv:
pip install -e '.[dev]' - Install pre-commit hooks:
pre-commit install - Run tests with coverage:
py.test --cov
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for django_pwned-1.1.1-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | a24c0428ee795d612c822a74690d3f4a830a4765d1189fbaf3b0c613e0ac3226 |
|
| MD5 | 12bd12d2aa8790bd18dfc2e0ce6ed479 |
|
| BLAKE2b-256 | 51bcea12bdb4cbe91ee7402655cf977180c6764ed3e049cfe05f5e76bb67b15b |
