Enforce a standard policy for local passwords by default

[jeremystretch]

NetBox version

v4.0.9

Feature type

Change to existing functionality

Proposed functionality

Although NetBox supports the enforcement for configurable password policy, it does not assert any policy by default. This FR proposes defining a simple default compliance policy for local passwords. The following criteria are proposed:

• Minimum length of 12 characters
• At least one each of lowercase characters, uppercase characters, numeric digits, and symbols

(This new default policy can be disabled by setting AUTH_PASSWORD_VALIDATORS = [] in the NetBox configuration.)

Use case

This will provide a reasonable baseline for ensuring the use of strong local passwords.

Database changes

No response

External dependencies

No response

[RangerRick]

FYI, this is overkill for defaults, but I ended up making a custom auth plugin that implements OWASP's recommendations for a complex password, using a regex. Putting it here in case anyone comes looking for something similar. :)

from django.core.exceptions import ValidationError
from django.utils.translation import gettext as _
import re

class OWASPValidator:
  def __init__(self):
    self.owasp_regex = re.compile('^(?:(?=.*\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))(?!.*(.)\1{2,})[A-Za-z0-9!~<>,;:_=?*+#."&§%°()\|\[\]\-\$\^\@\/]{12,128}$')

  def validate(self, password, user=None):
    if not self.owasp_regex.match(password):
      raise ValidationError(
        _("Password must meet the current OWASP recommendation for complex passwords: 12 to 128 characters, requiring at least 3 out 4 of uppercase and lowercase letters, numbers and special characters, and no more than 2 equal characters in a row."),
        code="password_too_weak",
      )

  def get_help_text(self):
    return _(
      "Password must meet the current OWASP recommendation for complex passwords: 12 to 128 characters, requiring at least 3 out 4 of uppercase and lowercase letters, numbers and special characters, and no more than 2 equal characters in a row."
    )