Skip to main content
Join the official 2020 Python Developers SurveyStart the survey!

Back-end and Front-end password validation with ZXCVBN.

Project description

Django ZXCVBN Password

Back-end and Front-end password validation with ZXCVBN.

A combination of pirandig’s django-zxcvbn and aj-may’s django-password-strength Django apps. It combines back-end and front-end validation with strength meter display.

License

Software licensed under ISC license.

Installation

pip install django-zxcvbn-password

Requirements

The JavaScript code of this application uses JQuery, but JQuery is not bundled with it. Please install it separately. You might also want to use Bootstrap.

Usage

# settings.py

INSTALLED_APPS = [
    ...
    'zxcvbn_password',
    ...
]

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
    },
    {
        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
    },
    {
        'NAME': 'zxcvbn_password.ZXCVBNValidator',
        'OPTIONS': {
            'min_score': 3,
            'user_attributes': ('username', 'email', 'first_name', 'last_name')
        }
    }
]
# forms.py

from django import forms
from zxcvbn_password.fields import PasswordField, PasswordConfirmationField

class RegisterForm(forms.Form):
    password1 = PasswordField()
    password2 = PasswordConfirmationField(confirm_with=password1)
# views.py

if form.is_valid():
    user = User.objects.create_user(
        username=...,
        password=form.cleaned_data['password1']
    )

By default, other inputs won’t be used to compute the score, but you can enforce it like this:

# forms.py

from django import forms
from zxcvbn_password import zxcvbn
from zxcvbn_password.fields import PasswordField, PasswordConfirmationField

class RegisterForm(forms.Form):
    password1 = PasswordField()
    password2 = PasswordConfirmationField(confirm_with=password1)

    def clean(self):
        password = self.cleaned_data.get('password1')
        other_field1 = ...
        other_field2 = ...

        if password:
            score = zxcvbn(password, [other_field1, other_field2])['score']
            # score is between 0 and 4
            # raise forms.ValidationError if needed

        return self.cleaned_data

Custom frequency lists

zxcvbn-python provides a feature to add custom frequency lists, you can specify your own custom frequency lists in the validator by adding frequency_lists to AUTH_PASSWORD_VALIDATORS, where dutch_words is a list of strings:

# settings.py

AUTH_PASSWORD_VALIDATORS = [
    ...
    {
        'NAME': 'zxcvbn_password.ZXCVBNValidator',
        'OPTIONS': {
            'frequency_lists': {
                'dutch': dutch_words,
            }
        }
    }
]

Screen-shot

https://cloud.githubusercontent.com/assets/3999221/23079032/5ae1513a-f54b-11e6-9d66-90660ad5fb2d.png

Important

The password field’s widget declares two JavaScript files that must be added to the HTML page. To do so, add {{ form.media }} in your template, something like:

<form role="form" action="my_url" method="post">
  {% csrf_token %}
  {{ form }}
</form>

{% block js %}
  {{ block.super }}
  {{ form.media }}
{% endblock %}

Note

If you are not using Bootstrap, the strength bar will not have colors. You can fix this with these three CSS rules:

.progress-bar-warning {
    background-color: yellow;
}

.progress-bar-danger {
    background-color: red;
}

.progress-bar-success {
    background-color: green;
}

Documentation

On ReadTheDocs

Development

To run all the tests: tox

Similar projects

You should check out django-zxcvbn-password-validator for backend validation only, but with a good UX and translated messages.

Changelog

2.1.0 (2019-12-15)

  • Allow specifying frequency lists in ZXCVBNValidator options (baa47cd).
  • Return warnings as validationErrors, create list of warning/suggestion to return as ValidationError(s), fixing translations (12946bb).

2.0.3 (2019-02-21)

  • Use new location for package python-zxcvbn, now zxcvbn (2ea1b69).

2.0.2 (2018-08-21)

Documented

  • Improve usage notes (7a1ed42). Related issues/PRs: #31.

Fixed

  • Fix call to super in PasswordConfirmationInput (fc551b8).
  • Improve password validator help text (c5d21a1). Related issues/PRs: #46.
  • Strength bar color go green only when superior to min score (9a44fd8). Related issues/PRs: #3.

Tests

  • Add django 1.11 tests (815aaef).
  • Add py37/pypy plus django 2.0 tests, remove py34 tests (05711cd).

2.0.1 (2017-02-17)

  • Fix call to super in PasswordStrengthInput.

2.0.0 (2017-02-17)

  • Drop Django 1.8 support in favor of AUTH_PASSWORD_VALIDATORS setting introduced in Django 1.9.
  • Update zxcvbn to more recent version (dwolfhub/zxcvbn-python on GitHub).
  • Update JavaScript code to latest version.
  • Remove all settings (they now go in AUTH_PASSWORD_VALIDATOR options).
  • Change license to ISC.

Thanks to Nick Stefan and Daniel Wolf.

1.1.0 (2016-10-18)

  • Cookiecutterize the project.

1.0.5 (2015-03-31)

  • I don’t remember.

1.0.3 (2015-03-12)

  • Switch README to rst.
  • Fix manifest rules.

1.0.2 (2015-03-12)

  • Change package name from django_zxcvbn_password to zxcvbn_password.

1.0.0 (2015-02-21)

  • Beta release on PyPI.

0.1.0 (2015-02-01)

  • Alpha release on PyPI.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Files for django-zxcvbn-password, version 2.1.0
Filename, size File type Python version Upload date Hashes
Filename, size django_zxcvbn_password-2.1.0-py2.py3-none-any.whl (409.3 kB) File type Wheel Python version py2.py3 Upload date Hashes View
Filename, size django-zxcvbn-password-2.1.0.tar.gz (418.6 kB) File type Source Python version None Upload date Hashes View

Supported by

Pingdom Pingdom Monitoring Google Google Object Storage and Download Analytics Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page