Comments (7)
The right way would be to write a CompositeValidator
which has as members the existing validators but calls them only when the length of the password is shorter than some (configurable) threshold.
Pseudocode:
class CompositeValidator(object):
length_validator = LengthValidator(PASSWORD_MIN_LENGTH, PASSWORD_MAX_LENGTH)
complexity_validator = ComplexityValidator(PASSWORD_COMPLEXITY)
... further validators
def __call__(self, value):
try:
self.length_validator(value)
return
except ValidationError:
self.complexity_validator(value)
self.other_validator(value)
.... further validators
from django-passwords.
Thanks very much @maccesch . Looks like I'm going to take a different approach to this, but I really appreciate your taking the time out to suggest a solution.
Cheers!
from django-passwords.
What approach are you taking? Maybe I can learn something... ;)
from django-passwords.
Password length is so important - even more important than randomness. We wanted to let users choose a strong password no matter how they got there. Could be readable and full of dictionary words as long as it's long. Or a user might prefer a short, random looking password. Or a combination. We don't care how they get there, as long as its strong. We also wanted to provide visual feedback in the form in real time rather than having to submit / refresh each time.
I came across this article on a JS package called zxcvbn which sounded fantastic. But I still wanted back-end validation. Then I found a python port of the same package:
https://github.com/dropbox/python-zxcvbn
So, what I'm working on is this:
- Choose a minimum entropy level that will apply everywhere - stored in settings
- Write a simple minimal clean() method for field validation without javascript
- Write a simple JSON endpoint that returns "valid":true/false and a dictionary of returned entropy factors
- Do the rest in JS on the page, consuming that API on most keypresses (using jquery debounce to throttle it a bit)
The result took a bit of fiddling and is a bit "fuzzy" but it's working great! I might publish it.
from django-passwords.
Sounds great! Please do publish it.
from django-passwords.
Hi @maccesch - I've written up a blog post detailing the approach I took here:
http://birdhouse.org/blog/2015/06/16/sane-password-strength-validation-for-django-with-zxcvbn/
Hope someone finds it useful!
from django-passwords.
Nice, thanks!
Im reopening this issue to maybe be implemented in the future
from django-passwords.
Related Issues (20)
- Entropy as a measure of password strength HOT 1
- Django 1.7, Python 3.4 ImportError: cannot import name 'smart_unicode' HOT 7
- Customize error message HOT 1
- Issue with pypi HOT 1
- pip install django-passwords installs django-passwords 0.2.0 version HOT 1
- Validation no been applied on user creation HOT 4
- Please change travis email HOT 1
- Combine punctuation with special characters HOT 3
- Documentation pypi versus github HOT 1
- Translations defect HOT 1
- Unable to override AdminPasswordChangeForm to use PasswordFields HOT 1
- Compatibility with the Django password validators API HOT 2
- Override validator message HOT 1
- compatible with django 3? HOT 6
- New release HOT 2
- can't enable fuzzy matching for translation
- requirements should be in requirement.txt
- Django 4.0 compatibility
- Django 4.0+ Compatibility HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from django-passwords.