A Django password validator using the Pwned Passwords API to check for compromised passwords.

Django Pwned

A collection of Django password validators.

Compatibility

  • Python: 3.6, 3.7, 3.8, 3.9, 3.10
  • Django: 3.2, 4.0

Installation

pip install django-pwned

For translations to work, add django_pwned to INSTALLED_APPS.

TL;DR:

AUTH_PASSWORD_VALIDATORS = [
    {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
    {"NAME": "django_pwned.validators.GitHubLikePasswordValidator"},
    {"NAME": "django_pwned.validators.MinimumUniqueCharactersPasswordValidator"},
    {"NAME": "django_pwned.validators.PwnedPasswordValidator"},
]

Validators

PwnedPasswordValidator(request_timeout=1.5)

This validator uses the Pwned Passwords API to check for compromised passwords.

Internally, this validator first checks the password with Django's CommonPasswordValidator; only if the password is not in Django's list does it query the Pwned API. You can therefore remove CommonPasswordValidator if you're using this validator.

AUTH_PASSWORD_VALIDATORS = [
    # ...
    # {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
    {"NAME": "django_pwned.validators.PwnedPasswordValidator"},
    # ...
]

You can set the API request timeout with the request_timeout parameter (in seconds).

If the request to the Pwned API fails for any reason (connection issues, timeout, ...), this validator skips the password check.

GitHubLikePasswordValidator(min_length=8, safe_length=15)

Validates whether the password is at least:

  • 8 characters long, if it includes a number and a lowercase letter, or
  • 15 characters long with any combination of characters

Based on GitHub's documentation about creating a strong password.

You may want to disable Django's NumericPasswordValidator and MinimumLengthValidator if you want to use GitHubLikePasswordValidator.

The minimum number of characters can be customized with the min_length parameter. The length at which the requirement for both a number and a lowercase letter is dropped can be customized with the safe_length parameter.

MinimumUniqueCharactersPasswordValidator(min_unique_characters=4)

Validates whether the password contains at least 4 unique characters. For example, aaaaaaaaaabbbbbbccc is an invalid password, but aAbB is a valid password.

The minimum number of unique characters can be customized with the min_unique_characters parameter.

Development

  • Create and activate a Python virtualenv.
  • Install development dependencies in your virtualenv: pip install -e '.[dev]'
  • Install pre-commit hooks: pre-commit install
  • Run tests with coverage: py.test --cov

License

MIT

Download files

Source Distribution

django-pwned-1.1.2.tar.gz (8.2 kB)

Uploaded Source

Built Distribution

django_pwned-1.1.2-py3-none-any.whl (8.4 kB)

Uploaded Python 3

File details

Details for the file django-pwned-1.1.2.tar.gz.

File metadata

  • Download URL: django-pwned-1.1.2.tar.gz
  • Size: 8.2 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.1 CPython/3.10.5

File hashes

Hashes for django-pwned-1.1.2.tar.gz
Algorithm Hash digest
SHA256 e2d2f20febe1f42e3a9826c3eef47006f4e24ed1b322d055fb5b5b04dc27782f
MD5 bd34037bbff5118de976b8c344184070
BLAKE2b-256 e983fc9886bfdb54c55517ad440035ae932e1412b0ad80d28b5a2995a6569783

File details

Details for the file django_pwned-1.1.2-py3-none-any.whl.

File hashes

Hashes for django_pwned-1.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 912fbc1e8bf00d646065640974a91284e17f09555253246b17ad2df62ddc23f3
MD5 6058e4ebb919e284698e6370042eb4ea
BLAKE2b-256 a39b936ff2b66d39afd700c37ebbf0e2bc02bdc17deee8b7c23a0712d70d53d6
