Skip to content

Latest commit

 

History

History
120 lines (77 loc) · 3.39 KB

README.rst

File metadata and controls

120 lines (77 loc) · 3.39 KB

Django Strong Passwords

django-strong-passwords is a Django application that provides a form field and validators that check the strength of a password. It is a fork of django-passwords which adds support for modern versions of Django and Python.

Installation

pip install django-strong-passwords

Compatibility

django-strong-passwords is tested with Django 3.2+ and Python 3.7+.

Settings

django-strong-passwords adds 6 optional settings

Optional:

Specifies minimum length for passwords:

PASSWORD_MIN_LENGTH = 6 # Defaults to 6

Specifies maximum length for passwords:

PASSWORD_MAX_LENGTH = 120 # Defaults to None

Specifies the location of a dictionary (file with one word per line):

PASSWORD_DICTIONARY = "/usr/share/dict/words" # Defaults to None

Specifies how close a fuzzy match has to be to be considered a match:

PASSWORD_MATCH_THRESHOLD = 0.9 # Defaults to 0.9, should be 0.0 - 1.0 where 1.0 means exactly the same.

Specifies a list of common sequences to attempt to match a password against:

PASSWORD_COMMON_SEQUENCES = [] # Should be a list of strings, see passwords/validators.py for default

Specifies number of characters within various sets that a password must contain:

PASSWORD_COMPLEXITY = { # You can omit any or all of these for no limit for that particular set
    "UPPER": 1,        # Uppercase
    "LOWER": 1,        # Lowercase
    "LETTERS": 1,       # Either uppercase or lowercase letters
    "DIGITS": 1,       # Digits
    "SPECIAL": 1,      # Not alphanumeric, space or punctuation character
    "WORDS": 1         # Words (alphanumeric sequences separated by a whitespace or punctuation character)
}

Usage

To use the formfield simply import it and use it:

from django import forms
from passwords.fields import PasswordField

class ExampleForm(forms.Form):
    password = PasswordField(label="Password")

You can make use of the validators on your own fields:

from django import forms
from passwords.validators import dictionary_words

field = forms.CharField(validators=[dictionary_words])

You can also create custom validator instances to specify your own field-specific configurations, rather than using the global configurations:

from django import forms
from passwords.validators import (
    DictionaryValidator, LengthValidator, ComplexityValidator)

field = forms.CharField(validators=[
    DictionaryValidator(words=['banned_word'], threshold=0.9),
    LengthValidator(min_length=8),
    ComplexityValidator(complexities=dict(
        UPPER=1,
        LOWER=1,
        DIGITS=1
    )),
])

Django's password validation API is slightly different than the form validation API and has wrappers in the auth_password_validators module:

AUTH_PASSWORD_VALIDATORS = [
    …,
    {"NAME": "passwords.auth_password_validators.ComplexityValidator"}
]