Back-end and Front-end password validation with ZXCVBN.
Project description
Django ZXCVBN Password
Back-end and Front-end password validation with ZXCVBN.
A combination of pirandig’s django-zxcvbn and aj-may’s django-password-strength Django apps. It combines back-end and front-end validation with strength meter display.
License
Software licensed under ISC license.
Installation
pip install django-zxcvbn-password
Requirements
The JavaScript code of this application uses JQuery, but JQuery is not bundled with it. Please install it separately. You might also want to use Bootstrap.
Usage
# settings.py INSTALLED_APPS = [ ... 'zxcvbn_password', ... ] AUTH_PASSWORD_VALIDATORS = [ { 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', }, { 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', }, { 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', }, { 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', }, { 'NAME': 'zxcvbn_password.ZXCVBNValidator', 'OPTIONS': { 'min_score': 3, 'user_attributes': ('username', 'email', 'first_name', 'last_name') } } ]
# forms.py from django import forms from zxcvbn_password.fields import PasswordField, PasswordConfirmationField class RegisterForm(forms.Form): password1 = PasswordField() password2 = PasswordConfirmationField(confirm_with=’password1’)
# views.py if form.is_valid(): user = User.objects.create_user( username=..., password=form.cleaned_data['password1'] )
By default, other inputs won’t be used to compute the score, but you can enforce it like this:
# forms.py from django import forms from zxcvbn_password import zxcvbn from zxcvbn_password.fields import PasswordField, PasswordConfirmationField class RegisterForm(forms.Form): password1 = PasswordField() password2 = PasswordConfirmationField(confirm_with=’password1’) def clean(self): password = self.cleaned_data.get('password1') other_field1 = ... other_field2 = ... if password: score = zxcvbn(password, [other_field1, other_field2])['score'] # score is between 0 and 4 # raise forms.ValidationError if needed return self.cleaned_data
Screen-shot
Important
The password field’s widget declares two JavaScript files that must be added to the HTML page. To do so, add {{ form.media }} in your template, something like:
<form role="form" action="my_url" method="post"> {% csrf_token %} {{ form }} </form> {% block js %} {{ block.super }} {{ form.media }} {% endblock %}
Note
If you are not using Bootstrap, the strength bar will not have colors. You can fix this with these three CSS rules:
.progress-bar-warning { background-color: yellow; } .progress-bar-danger { background-color: red; } .progress-bar-success { background-color: green; }
Documentation
Development
To run all the tests: tox
Changelog
2.0.3 (2019-02-21)
- Use new location for package python-zxcvbn, now zxcvbn (2ea1b69).
2.0.2 (2018-08-21)
Documented
- Improve usage notes (7a1ed42). Related issues/PRs: #31.
Fixed
- Fix call to super in PasswordConfirmationInput (fc551b8).
- Improve password validator help text (c5d21a1). Related issues/PRs: #46.
- Strength bar color go green only when superior to min score (9a44fd8). Related issues/PRs: #3.
Tests
- Add django 1.11 tests (815aaef).
- Add py37/pypy plus django 2.0 tests, remove py34 tests (05711cd).
2.0.1 (2017-02-17)
- Fix call to super in PasswordStrengthInput.
2.0.0 (2017-02-17)
- Drop Django 1.8 support in favor of AUTH_PASSWORD_VALIDATORS setting introduced in Django 1.9.
- Update zxcvbn to more recent version (dwolfhub/zxcvbn-python on GitHub).
- Update JavaScript code to latest version.
- Remove all settings (they now go in AUTH_PASSWORD_VALIDATOR options).
- Change license to ISC.
Thanks to Nick Stefan and Daniel Wolf.
1.1.0 (2016-10-18)
- Cookiecutterize the project.
1.0.5 (2015-03-31)
- I don’t remember.
1.0.3 (2015-03-12)
- Switch README to rst.
- Fix manifest rules.
1.0.2 (2015-03-12)
- Change package name from django_zxcvbn_password to zxcvbn_password.
1.0.0 (2015-02-21)
- Beta release on PyPI.
0.1.0 (2015-02-01)
- Alpha release on PyPI.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
| Filename, size & hash | File type | Python version | Upload date |
|---|---|---|---|
| django_zxcvbn_password-2.0.3-py2.py3-none-any.whl (411.1 kB) View hashes | Wheel | py2.py3 | |
| django-zxcvbn-password-2.0.3.tar.gz (418.0 kB) View hashes | Source | None |
Hashes for django_zxcvbn_password-2.0.3-py2.py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | bee05ee1737f8a6c88bca08fa2fa531c4818517046faa8d3747104dc021de172 |
|
| MD5 | 3cfd153eb9870934417a789897001312 |
|
| BLAKE2-256 | fc189b04ab9e96cd6f0ee6c5aa6faf2c594c37772bcbc8174c0dd52dd9da027f |
Hashes for django-zxcvbn-password-2.0.3.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 675b529502bea7a7546a39ebeb42d1f1b7ef839c7075a663ad5cf15ba9df6146 |
|
| MD5 | fdd0f644349d4245b42e95e05f47aa6e |
|
| BLAKE2-256 | f2a69e8895de3e7d7f02eba415ded3a13d45b2529f13891e0c1697a5e316fd86 |
