Skip to content
/ django-pwned-validator Public

Provides a password validator for Django that checks submitted passwords against the Pwned Passwords API

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

craigloftus/django-pwned-validator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
pwned
pwned
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
MANIFEST.in
MANIFEST.in
 
 
README.rst
README.rst
 
 
poetry.lock
poetry.lock
 
 
pyproject.toml
pyproject.toml
 
 
setup.py
setup.py
 
 
tox.ini
tox.ini
 
 

Repository files navigation

Django Pwned Passwords Validator

This package provides a password validator for Django that checks submitted passwords against the Pwned Passwords API.

To protect the security of the password being checked a range search is used. Specifically, only the first 5 characters of a SHA-1 password hash are sent to the API. The validator then locally looks for the full hash in the range returned.

Installation

pip install django-pwned-validator

Modify your settings.py to install the app and enable the validator:

INSTALLED_APPS = [
    'pwned.apps.PwnedConfig',
    ...
]

AUTH_PASSWORD_VALIDATORS = [
    {
        'NAME': 'pwned.validators.PwnedValidator',
    },
    ...
]

Compatibility

Supports Django 2.2 to 3.2 on Python 3.5 to 3.8.

About

Provides a password validator for Django that checks submitted passwords against the Pwned Passwords API

Topics

django validator passwords pwnedpasswords pwned-passwords

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages