Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/ubernostrum/pwned-passwords-django
Utilities for working with the Pwned Passwords database from Django.
https://github.com/ubernostrum/pwned-passwords-django
django password-strength passwords pwned-passwords python security
Last synced: 3 months ago
JSON representation
Utilities for working with the Pwned Passwords database from Django.
- Host: GitHub
- URL: https://github.com/ubernostrum/pwned-passwords-django
- Owner: ubernostrum
- License: bsd-3-clause
- Created: 2018-03-06T11:15:11.000Z (over 6 years ago)
- Default Branch: trunk
- Last Pushed: 2024-02-27T07:47:12.000Z (8 months ago)
- Last Synced: 2024-04-30T00:02:37.291Z (6 months ago)
- Topics: django, password-strength, passwords, pwned-passwords, python, security
- Language: Python
- Homepage: https://pwned-passwords-django.readthedocs.io/
- Size: 319 KB
- Stars: 116
- Watchers: 7
- Forks: 7
- Open Issues: 1
-
Metadata Files:
- Readme: README.rst
- License: LICENSE
Awesome Lists containing this project
- starred-awesome - pwned-passwords-django - Utilities for working with the Pwned Passwords database from Django (Python)
- stars - ubernostrum/pwned-passwords-django - Utilities for working with the Pwned Passwords database from Django. (Python)
- stars - ubernostrum/pwned-passwords-django - Utilities for working with the Pwned Passwords database from Django. (Python)
README
.. -*-restructuredtext-*-
.. image:: https://github.com/ubernostrum/pwned-passwords-django/workflows/CI/badge.svg
:alt: CI status image
:target: https://github.com/ubernostrum/pwned-passwords-django/actions?query=workflow%3ACI
``pwned-passwords-django`` provides helpers for working with the
`Pwned Passwords database from Have I Been Pwned
`_ in `Django
`_ powered sites. Pwned Passwords is
an extremely large database of passwords known to have been
compromised through data breaches, and is useful as a tool for
rejecting common or weak passwords.
There are three main components to this application:
* `A password validator
`_
which integrates with `Django's password-validation tools
`_
and checks the Pwned Passwords database.
* `A Django middleware
`_
(supporting both sync and async requests) which automatically checks
certain request payloads against the Pwned Passwords database.
* `An API client
`_
providing direct access (both sync and async) to the Pwned Passwords
database.
All three use a secure, anonymized API which `never transmits any
password or its full hash to any third party
`_.
Usage
-----
The recommended configuration is to enable both the validator and the
automatic password-checking middleware. To do this, make the following
changes to your Django settings.
First, add the validator to your AUTH_PASSWORD_VALIDATORS list:
.. code-block:: python
AUTH_PASSWORD_VALIDATORS = [
# ... other password validators ...
{
"NAME": "pwned_passwords_django.validators.PwnedPasswordsValidator",
},
]
Then, add the middleware to your MIDDLEWARE list:
.. code-block:: python
MIDDLEWARE = [
# .. other middlewares ...
"pwned_passwords_django.middleware.pwned_passwords_middleware",
]
For more details, consult `the full documentation
`_.