Back-end and Front-end password validation with ZXCVBN.
Project description
Django ZXCVBN Password
Back-end and Front-end password validation with ZXCVBN.
A combination of pirandig’s django-zxcvbn and aj-may’s django-password-strength Django apps. It combines back-end and front-end validation with strength meter display.
License
Software licensed under ISC license.
Installation
pip install django-zxcvbn-password
Requirements
The JavaScript code of this application uses JQuery, but JQuery is not bundled with it. Please install it separately. You might also want to use Bootstrap.
Usage
# settings.py INSTALLED_APPS = [ ... 'zxcvbn_password', ... ] AUTH_PASSWORD_VALIDATORS = [ { 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', }, { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', }, { 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', }, { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', }, { 'NAME': 'zxcvbn_password.ZXCVBNValidator', 'OPTIONS': { 'min_score': 3, 'user_attributes': ('username', 'email', 'first_name', 'last_name') } } ]
# forms.py from django import forms from zxcvbn_password.fields import PasswordField, PasswordConfirmationField class RegisterForm(forms.Form): password1 = PasswordField() password2 = PasswordConfirmationField(confirm_with=’password1’)
# views.py if form.is_valid(): user = User.objects.create_user( username=..., password=form.cleaned_data['password1'] )
By default, other inputs won’t be used to compute the score, but you can enforce it like this:
# forms.py from django import forms from zxcvbn_password import zxcvbn from zxcvbn_password.fields import PasswordField, PasswordConfirmationField class RegisterForm(forms.Form): password1 = PasswordField() password2 = PasswordConfirmationField(confirm_with=’password1’) def clean(self): password = self.cleaned_data.get('password1') other_field1 = ... other_field2 = ... if password: score = zxcvbn(password, [other_field1, other_field2])['score'] # score is between 0 and 4 # raise forms.ValidationError if needed return self.cleaned_data
Custom frequency lists
zxcvbn-python provides a feature to add custom frequency lists, you can specify your own custom frequency lists in the validator by adding frequency_lists to AUTH_PASSWORD_VALIDATORS, where dutch_words is a list of strings:
# settings.py AUTH_PASSWORD_VALIDATORS = [ ... { 'NAME': 'zxcvbn_password.ZXCVBNValidator', 'OPTIONS': { 'frequency_lists': { 'dutch': dutch_words, } } } ]
Screen-shot
Important
The password field’s widget declares two JavaScript files that must be added to the HTML page. To do so, add {{ form.media }} in your template, something like:
<form role="form" action="my_url" method="post"> {% csrf_token %} {{ form }} </form> {% block js %} {{ block.super }} {{ form.media }} {% endblock %}
Note
If you are not using Bootstrap, the strength bar will not have colors. You can fix this with these three CSS rules:
.progress-bar-warning { background-color: yellow; } .progress-bar-danger { background-color: red; } .progress-bar-success { background-color: green; }
Documentation
Development
To run all the tests: tox
Similar projects
You should check out django-zxcvbn-password-validator for backend validation only, but with a good UX and translated messages.
Changelog
2.1.1 (2021-12-16)
- Avoid using deprecated ugettext (PR #143).
2.1.0 (2019-12-15)
- Allow specifying frequency lists in ZXCVBNValidator options (baa47cd).
- Return warnings as validationErrors, create list of warning/suggestion to return as ValidationError(s), fixing translations (12946bb).
2.0.3 (2019-02-21)
- Use new location for package python-zxcvbn, now zxcvbn (2ea1b69).
2.0.2 (2018-08-21)
Documented
- Improve usage notes (7a1ed42). Related issues/PRs: #31.
Fixed
- Fix call to super in PasswordConfirmationInput (fc551b8).
- Improve password validator help text (c5d21a1). Related issues/PRs: #46.
- Strength bar color go green only when superior to min score (9a44fd8). Related issues/PRs: #3.
Tests
- Add django 1.11 tests (815aaef).
- Add py37/pypy plus django 2.0 tests, remove py34 tests (05711cd).
2.0.1 (2017-02-17)
- Fix call to super in PasswordStrengthInput.
2.0.0 (2017-02-17)
- Drop Django 1.8 support in favor of AUTH_PASSWORD_VALIDATORS setting introduced in Django 1.9.
- Update zxcvbn to more recent version (dwolfhub/zxcvbn-python on GitHub).
- Update JavaScript code to latest version.
- Remove all settings (they now go in AUTH_PASSWORD_VALIDATOR options).
- Change license to ISC.
Thanks to Nick Stefan and Daniel Wolf.
1.1.0 (2016-10-18)
- Cookiecutterize the project.
1.0.5 (2015-03-31)
- I don’t remember.
1.0.3 (2015-03-12)
- Switch README to rst.
- Fix manifest rules.
1.0.2 (2015-03-12)
- Change package name from django_zxcvbn_password to zxcvbn_password.
1.0.0 (2015-02-21)
- Beta release on PyPI.
0.1.0 (2015-02-01)
- Alpha release on PyPI.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for django-zxcvbn-password-2.1.1.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 08eb4e5a92e214ba6b6d6fe320d921d4f557582ec567ed3a2b82a4ec175948c2 |
|
| MD5 | bce6bc49479f8a5a087eaa533eaae112 |
|
| BLAKE2-256 | f6084cab5e483ccf4c19e2c38ee2d2786ff7a429cd4207e1582e816b8c02a707 |
Hashes for django_zxcvbn_password-2.1.1-py2.py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | f0135773a737cfb29fe67420464e2483afc41472aab15cbd3cac5dacbcd69d9b |
|
| MD5 | df03d18483114ee9e6edab34b91a6d81 |
|
| BLAKE2-256 | a870eec479706df53b1d4691cdbdc293216f7c2fbccf00a56d708e33c6502e71 |