pawamoy / django-zxcvbn-password Goto Github PK
View Code? Open in Web Editor NEWBack-end and Front-end password validation with ZXCVBN
License: ISC License
Back-end and Front-end password validation with ZXCVBN
License: ISC License
Hi,
It seems the v2.0.0 does not work with Django 2.1 (TypeError on render), however the latest github version does. Just wondering if there are any plans to release 2.0.1 to pypi anytime soon?
thanks.
Bootstrap 4 has new classes for the progress bar background color.
I'd be happy to help with a PR for any of these fixes:
BOOTSTRAP_VERSION
variable that defaults to version 4 but allows the user to set it to version 3 if they're using the old version of bootstrapThanks for building this!
The strength meter should go green only if it has reached the required entropy.
The color is currently based on fixed values.
Latest release on PyPi is still using zxcvbn-python, which is deprecated, as it changed name to zxcvbn. This raises a deprecation warning.
So 1.8 is on LTS support until at least April 2018. Is there any chance that we can get a 2.0.x release that supports 1.8?
Hi ๐
This is my first visit to this fine repo, but it seems you have been working hard to keep all dependencies updated so far.
Once you have closed this issue, I'll create seperate pull requests for every update as soon as I find one.
That's it for now!
Happy merging! ๐ค
To avoid discrepancies between the client-side and server-side validation, we should get rid of the client-side validation using javascript. Instead, we should simply send a request upon password field modification to validate the current input against the server. The view handling the request would return the warnings and feedback. Client-side HTML page would only display the progress bar.
This would also allow validation against custom dictionaries on the client side, not only server one.
See #95 (comment)
ZXCVBN js code should import dictionaries from files instead of hardcoding them. It would allow us to use dictionaries from other languages too (currently only english).
It would also be great to be able to choose which dicts are used when using the app.
django is failing to work - throwing a Syntax Error on
raise ValidationError([_(msg) for msg in [*warnings, *suggestions]], code=self.code, params={})
File "/path/to/local/lib/python2.7/site-packages/django/urls/resolvers.py", line 364, in resolve
for pattern in self.url_patterns:
File "/path/to/local/lib/python2.7/site-packages/django/utils/functional.py", line 35, in __get__
res = instance.__dict__[self.name] = self.func(instance)
File "/path/to/local/lib/python2.7/site-packages/django/urls/resolvers.py", line 407, in url_patterns
patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module)
File "/path/to/local/lib/python2.7/site-packages/django/utils/functional.py", line 35, in __get__
res = instance.__dict__[self.name] = self.func(instance)
File "/path/to/local/lib/python2.7/site-packages/django/urls/resolvers.py", line 400, in urlconf_module
return import_module(self.urlconf_name)
File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
__import__(name)
File "./portal/urls.py", line 8, in <module>
from users.views import logout_page
File "./users/views.py", line 16, in <module>
from users.forms import RegistrationForm
File "./users/forms.py", line 4, in <module>
from fields import PortalPasswordField, PortalPasswordConfirmationField
File "./users/fields.py", line 1, in <module>
from zxcvbn_password.fields import PasswordField, PasswordConfirmationField
File "/path/to/local/lib/python2.7/site-packages/zxcvbn_password/__init__.py", line 13, in <module>
from zxcvbn_password.fields import PasswordConfirmationField, PasswordField
File "/path/to/local/lib/python2.7/site-packages/zxcvbn_password/fields.py", line 14, in <module>
from zxcvbn_password.widgets import (
File "/path/to/local/lib/python2.7/site-packages/zxcvbn_password/widgets.py", line 11, in <module>
from .utils import zxcvbn_min_score
File "/path/to/local/lib/python2.7/site-packages/zxcvbn_password/utils.py", line 3, in <module>
from .validators import DEFAULT_MIN_SCORE
File "/path/to/local/lib/python2.7/site-packages/zxcvbn_password/validators.py", line 60
raise ValidationError([_(msg) for msg in [*warnings, *suggestions]], code=self.code, params={})
^
SyntaxError: invalid syntax
What I'm looking for is rather than the text showing "Warning: This password would take {{ password_strength_time }} to crack", something like "Password Strength: {{ zxcvbn_score }}".
I'd use Django's render_to_string
so that I could use template tags. This would allow me to do something like:
PASSWORD_STRENGTH_WARNING = "Password strength: {% if zxcvbn_score < 2 %}Weak{% else %}Strong{% endif %}"
Default implementation would be the current message so this would only apply to users who want to override the warning message.
Is this something you'd entertain? Thanks again for building and maintaining this library!
I've worked to create an updated zxcvbn python library based on the newest JS codebase and to also support python3. My port is now listed as the suggested python port on the main zxcvbn repository readme. Since Django will soon not support python2 you may want to consider changing your dependency to my library. Let me know if I can help in any way.
I found it a bit challenging to get the static media wired up. Even though the docs suggesting seeing the upstream repos for more information, they weren't super helpful either.
So that staticfilesfinder can find the js assets, this must be added to INSTALLED_APPS:
'zxcvbn_password',
You refer to form.media
, but that doesn't work because the example form in the docs doesn't have a Media:
class. However, I think it's easier to just include JS in the template:
{% load static %}
...
<script src="{% static 'zxcvbn_password/js/zxcvbn.js' %}"></script>
<script src="{% static 'zxcvbn_password/js/password_strength.js' %}"></script>
With that done, it started working but the indicator bar never changed color. Had to add to my css:
.progress-bar-warning {
background-color: yellow;
}
.progress-bar-danger {
background-color: red;
}
.progress-bar-success {
background-color: green;
}
Finally, a little guidance on processing a valid password would be helpful (since we don't see Django's set_password()
all that often:
if form.is_valid():
user = request.user
user.set_password(form.cleaned_data['password1'])
user.save()
I'll do a PR if you approve of the idea.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.