A translatable password validator for django, based on zxcvbn-python.
Project description
django-zxcvbn-password-validator
A translatable password validator for django, based on zxcvbn-python and available with pip.
Professional support for django-zxcvbn-password-validator is available as part of the Tidelift Subscription.
Translating the project
This project is available in multiple languages. Your contribution would be very much appreciated if you know a language that is not yet available.
Language available
The software is developed in English. Other available languages are:
- Dutch thanks to Thom Wiggers
- French thanks to Pierre Sassoulas and Lionel Sausin
- English
Creating a user with django-zxcvbn-password-validator
If the password is not strong enough, we provide errors explaining what you need to do:
The error messages are translated to your target language (even the strings given by zxcvbn, which are in English only):
How to use
Add django-zxcvbn-password-validator to your requirements and get it with pip. Then everything happens in your settings file.
Add 'django_zxcvbn_password_validator' in the INSTALLED_APPS:
    INSTALLED_APPS = [
        # ...
        'django_zxcvbn_password_validator',
    ]
Modify AUTH_PASSWORD_VALIDATORS:
    AUTH_PASSWORD_VALIDATORS = [
        {
            'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
        },
        {
            'NAME': 'django_zxcvbn_password_validator.ZxcvbnPasswordValidator',
        },
        # ...
    ]
You could choose to use zxcvbn alone, but I personally still use Django's UserAttributeSimilarityValidator, because there still seems to be some problem with it integrating user information with zxcvbn (as of June 2018).
Finally, you can set the PASSWORD_MINIMAL_STRENGTH to your liking (default is 2); every password scoring lower than this number will be rejected:
# 0 too guessable: risky password. (guesses < 10^3)
# 1 very guessable: protection from throttled online attacks.
# (guesses < 10^6)
# 2 somewhat guessable: protection from unthrottled online attacks.
# (guesses < 10^8)
# 3 safely unguessable: moderate protection from offline slow-hash scenario.
# (guesses < 10^10)
# 4 very unguessable: strong protection from offline slow-hash scenario.
# (guesses >= 10^10)
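To help choose a value, the added example below (not code from this package) computes how long the weakest password accepted at each PASSWORD_MINIMAL_STRENGTH would last under each attack scenario. It assumes the score bands listed above and the four attack rates zxcvbn uses for its crack-time estimates; all function and constant names are hypothetical.

```python
# Added example: relates PASSWORD_MINIMAL_STRENGTH to attacker effort.
# Assumptions: score bands as listed on this page; attack rates are the
# four scenarios zxcvbn reports crack times for. Names are hypothetical.

# Exclusive upper bound on guesses for scores 0..3; score 4 is everything above.
SCORE_UPPER_BOUNDS = [10**3, 10**6, 10**8, 10**10]

# Guesses per second in each scenario.
ATTACK_RATES = {
    "online_throttled": 100 / 3600,  # 100 guesses per hour
    "online_unthrottled": 10,        # 10 guesses per second
    "offline_slow_hash": 10**4,
    "offline_fast_hash": 10**10,
}


def score_for_guesses(guesses):
    """Map an estimated guess count to a 0-4 score using the bands above."""
    for score, bound in enumerate(SCORE_UPPER_BOUNDS):
        if guesses < bound:
            return score
    return 4


def is_accepted(guesses, minimal_strength=2):
    """Documented rule: a score lower than the minimum is rejected."""
    return score_for_guesses(guesses) >= minimal_strength


def weakest_accepted_guesses(minimal_strength):
    """Smallest guess count that still reaches `minimal_strength`."""
    if minimal_strength <= 0:
        return 1
    return SCORE_UPPER_BOUNDS[minimal_strength - 1]


def worst_case_seconds(minimal_strength):
    """Seconds needed to guess the weakest accepted password, per scenario."""
    floor = weakest_accepted_guesses(minimal_strength)
    return {name: floor / rate for name, rate in ATTACK_RATES.items()}


if __name__ == "__main__":
    for level in range(5):
        times = worst_case_seconds(level)
        row = ", ".join(f"{name}={secs:.3g}s" for name, secs in times.items())
        print(f"PASSWORD_MINIMAL_STRENGTH={level}: {row}")
```

At the default of 2, the weakest accepted password resists about 100 seconds of offline guessing against a slow hash, which is the gap that raising the setting to 3 or 4 closes.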
Contributing
Testing
python manage.py test
Coverage
coverage run ./manage.py test
coverage html
# Open htmlcov/index.html in a browser
Lint
We're using pre-commit; it should take care of linting during commit.
pip install -r requirements_dev.txt
pre-commit install
I18n
python manage.py makemessages
# python manage.py createsuperuser ? (You need to login for rosetta)
python manage.py runserver
# Access http://localhost:8000/admin to login
# Then go to http://localhost:8000/rosetta to translate
python manage.py makemessages --no-obsolete --no-wrap
Hashes for django-zxcvbn-password-validator-1.3.2.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 5df0eec9515713e51aefb8fcc99c6921b9b3561cb4c290c1d0107d60c0a43242 |
MD5 | 7019d541c284d3502a8667264f4e08f8 |
BLAKE2b-256 | a65ae3a44a523b39a04eeeeb4974ccdf819d8ea9c477fe918875216371239090 |
Hashes for django_zxcvbn_password_validator-1.3.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | d063d9c563e5d6a165b9d7641305e062110da85706fb7189d7ce17b50b5ebfb8 |
MD5 | 9e93062cbd4d3f0e2cdc8d8564277aab |
BLAKE2b-256 | 984830bf4ce7eb94a18d971eead1647f2bea24506fbcb4ac908fb0061f078a3c |