pawamoy / django-zxcvbn-password Goto Github PK

Hi,
It seems the v2.0.0 does not work with Django 2.1 (TypeError on render), however the latest github version does. Just wondering if there are any plans to release 2.0.1 to pypi anytime soon?

thanks.

Bootstrap 4 has new classes for the progress bar background color.

I'd be happy to help with a PR for any of these fixes:

• Updating this repo to support Bootstrap 4 and documenting that Bootstrap 3 users need to add the new Bootstrap 4 classes
• Adding a BOOTSTRAP_VERSION variable that defaults to version 4 but allows the user to set it to version 3 if they're using the old version of bootstrap
• Leaving it the way it is now and just documenting that Bootstrap 4 users need to add the old Bootstrap 3 classes as I've done

Thanks for building this!

The strength meter should go green only if it has reached the required entropy.
The color is currently based on fixed values.

Latest release on PyPi is still using zxcvbn-python, which is deprecated, as it changed name to zxcvbn. This raises a deprecation warning.

So 1.8 is on LTS support until at least April 2018. Is there any chance that we can get a 2.0.x release that supports 1.8?

Hi 👊

This is my first visit to this fine repo, but it seems you have been working hard to keep all dependencies updated so far.

Once you have closed this issue, I'll create seperate pull requests for every update as soon as I find one.

That's it for now!

Happy merging! 🤖

To avoid discrepancies between the client-side and server-side validation, we should get rid of the client-side validation using javascript. Instead, we should simply send a request upon password field modification to validate the current input against the server. The view handling the request would return the warnings and feedback. Client-side HTML page would only display the progress bar.

This would also allow validation against custom dictionaries on the client side, not only server one.

See #95 (comment)

The Your password must be stronger. suggestion added as a rule under the New password field is very confusing for users. I think you misunderstood what get_help_text is for.

get_help_text(): provide a help text to explain the requirements to the user.

ZXCVBN js code should import dictionaries from files instead of hardcoding them. It would allow us to use dictionaries from other languages too (currently only english).
It would also be great to be able to choose which dicts are used when using the app.

django is failing to work - throwing a Syntax Error on

raise ValidationError([_(msg) for msg in [*warnings, *suggestions]], code=self.code, params={})

  File "/path/to/local/lib/python2.7/site-packages/django/urls/resolvers.py", line 364, in resolve
    for pattern in self.url_patterns:
  File "/path/to/local/lib/python2.7/site-packages/django/utils/functional.py", line 35, in __get__
    res = instance.__dict__[self.name] = self.func(instance)
  File "/path/to/local/lib/python2.7/site-packages/django/urls/resolvers.py", line 407, in url_patterns
    patterns = getattr(self.urlconf_module, "urlpatterns", self.urlconf_module)
  File "/path/to/local/lib/python2.7/site-packages/django/utils/functional.py", line 35, in __get__
    res = instance.__dict__[self.name] = self.func(instance)
  File "/path/to/local/lib/python2.7/site-packages/django/urls/resolvers.py", line 400, in urlconf_module
    return import_module(self.urlconf_name)
  File "/usr/lib/python2.7/importlib/__init__.py", line 37, in import_module
    __import__(name)
  File "./portal/urls.py", line 8, in <module>
    from users.views import logout_page
  File "./users/views.py", line 16, in <module>
    from users.forms import RegistrationForm
  File "./users/forms.py", line 4, in <module>
    from fields import PortalPasswordField, PortalPasswordConfirmationField
  File "./users/fields.py", line 1, in <module>
    from zxcvbn_password.fields import PasswordField, PasswordConfirmationField
  File "/path/to/local/lib/python2.7/site-packages/zxcvbn_password/__init__.py", line 13, in <module>
    from zxcvbn_password.fields import PasswordConfirmationField, PasswordField
  File "/path/to/local/lib/python2.7/site-packages/zxcvbn_password/fields.py", line 14, in <module>
    from zxcvbn_password.widgets import (
  File "/path/to/local/lib/python2.7/site-packages/zxcvbn_password/widgets.py", line 11, in <module>
    from .utils import zxcvbn_min_score
  File "/path/to/local/lib/python2.7/site-packages/zxcvbn_password/utils.py", line 3, in <module>
    from .validators import DEFAULT_MIN_SCORE
  File "/path/to/local/lib/python2.7/site-packages/zxcvbn_password/validators.py", line 60
    raise ValidationError([_(msg) for msg in [*warnings, *suggestions]], code=self.code, params={})
                                              ^
SyntaxError: invalid syntax

What I'm looking for is rather than the text showing "Warning: This password would take {{ password_strength_time }} to crack", something like "Password Strength: {{ zxcvbn_score }}".

I'd use Django's render_to_string so that I could use template tags. This would allow me to do something like:

PASSWORD_STRENGTH_WARNING = "Password strength: {% if zxcvbn_score < 2 %}Weak{% else %}Strong{% endif %}"

Default implementation would be the current message so this would only apply to users who want to override the warning message.

Is this something you'd entertain? Thanks again for building and maintaining this library!

I've worked to create an updated zxcvbn python library based on the newest JS codebase and to also support python3. My port is now listed as the suggested python port on the main zxcvbn repository readme. Since Django will soon not support python2 you may want to consider changing your dependency to my library. Let me know if I can help in any way.

https://github.com/dwolfhub/zxcvbn-python

I found it a bit challenging to get the static media wired up. Even though the docs suggesting seeing the upstream repos for more information, they weren't super helpful either.

So that staticfilesfinder can find the js assets, this must be added to INSTALLED_APPS:

'zxcvbn_password',

You refer to form.media, but that doesn't work because the example form in the docs doesn't have a Media: class. However, I think it's easier to just include JS in the template:

{% load static %}
...
<script src="{% static 'zxcvbn_password/js/zxcvbn.js' %}"></script>
<script src="{% static 'zxcvbn_password/js/password_strength.js' %}"></script>

With that done, it started working but the indicator bar never changed color. Had to add to my css:

.progress-bar-warning {
    background-color: yellow;
}

.progress-bar-danger {
    background-color: red;
}

.progress-bar-success {
    background-color: green;
}

Finally, a little guidance on processing a valid password would be helpful (since we don't see Django's set_password() all that often:

        if form.is_valid():
            user = request.user
            user.set_password(form.cleaned_data['password1'])
            user.save()

I'll do a PR if you approve of the idea.