Conditional validators about django-passwords HOT 7 OPEN

The right way would be to write a CompositeValidator which has as members the existing validators but calls them only when the length of the password is shorter than some (configurable) threshold.

Pseudocode:

class CompositeValidator(object):
    length_validator = LengthValidator(PASSWORD_MIN_LENGTH, PASSWORD_MAX_LENGTH)
    complexity_validator = ComplexityValidator(PASSWORD_COMPLEXITY)
    ... further validators

    def __call__(self, value):
        try:
            self.length_validator(value)
            return
        except ValidationError:
            self.complexity_validator(value)
            self.other_validator(value)
            .... further validators

from django-passwords.

Thanks very much @maccesch . Looks like I'm going to take a different approach to this, but I really appreciate your taking the time out to suggest a solution.

Cheers!

from django-passwords.

What approach are you taking? Maybe I can learn something... ;)

from django-passwords.

Password length is so important - even more important than randomness. We wanted to let users choose a strong password no matter how they got there. Could be readable and full of dictionary words as long as it's long. Or a user might prefer a short, random looking password. Or a combination. We don't care how they get there, as long as its strong. We also wanted to provide visual feedback in the form in real time rather than having to submit / refresh each time.

I came across this article on a JS package called zxcvbn which sounded fantastic. But I still wanted back-end validation. Then I found a python port of the same package:

https://github.com/dropbox/python-zxcvbn

So, what I'm working on is this:

• Choose a minimum entropy level that will apply everywhere - stored in settings
• Write a simple minimal clean() method for field validation without javascript
• Write a simple JSON endpoint that returns "valid":true/false and a dictionary of returned entropy factors
• Do the rest in JS on the page, consuming that API on most keypresses (using jquery debounce to throttle it a bit)

The result took a bit of fiddling and is a bit "fuzzy" but it's working great! I might publish it.

from django-passwords.

Sounds great! Please do publish it.

from django-passwords.

Hi @maccesch - I've written up a blog post detailing the approach I took here:

http://birdhouse.org/blog/2015/06/16/sane-password-strength-validation-for-django-with-zxcvbn/

Hope someone finds it useful!

from django-passwords.

Nice, thanks!
Im reopening this issue to maybe be implemented in the future

from django-passwords.