Skip to main content

A translatable password validator for django, based on zxcvbn-python.

Project description

django-zxcvbn-password-validator

A translatable password validator for django, based on zxcvbn-python and available with pip.

Build Status Coverage Status PyPI version

Creating a user with django-zxcvbn-password-validator

If the password is not strong enough, we provide errors explaining what you need to do :

English example

The error message are translated to your target language (even the string given by zxcvbn that are in english only) :

Translated example

How to use

Add it to your requirements and get it with pip.

django-zxcvbn-password-validator

Then everything happens in your settings file.

Add 'django_zxcvbn_password_validator' in the INSTALLED_APPS :

INSTALLED_APPS = [
	...
	'django_zxcvbn_password_validator'
]

Modify AUTH_PASSWORD_VALIDATORS :

AUTH_PASSWORD_VALIDATORS = [
	{
		'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
	},
	{
		'NAME': 'django_zxcvbn_password_validator.ZxcvbnPasswordValidator',
	},
	...
]

You could choose to use zxcvbn alone, but I personally still use Django's UserAttributeSimilarityValidator, because there seems to be still be some problem with it integrating user informations with zxcvbn (as of june 2018).

Finally you can set the PASSWORD_MINIMAL_STRENGTH to your liking (default is 2), every password scoring lower than this number will be rejected :

# 0 too guessable: risky password. (guesses < 10^3)
# 1 very guessable: protection from throttled online attacks. (guesses < 10^6)
# 2 somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
# 3 safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
# 4 very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)

Translating the project

This project is available in multiple language. Your contribution would be very appreciated if you know a language that is not yet available.

Language available

The software is developed in english. Other available languages are :

Contributing

Testing

python manage.py test

Coverage

coverage run ./manage.py test
coverage html
# Open htmlcov/index.html in a navigator

Lint

We're using pre-commit, it should take care of linting during commit.

pip install -r requirements_dev.txt
pre-commit install

I18n

python manage.py makemessages
# python manage.py createsuperuser ? (You need to login for rosetta)
python manage.py runserver
# Access http://localhost:8000/admin to login
# Then go to http://localhost:8000/rosetta to translate
python manage.py makemessages --no-obsolete --no-wrap

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for django-zxcvbn-password-validator, version 1.3.0
Filename, size File type Python version Upload date Hashes
Filename, size django-zxcvbn-password-validator-1.3.0.tar.gz (14.8 kB) File type Source Python version None Upload date Hashes View hashes

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page