使用 django.contrib.auth.views.password_change 强制执行密码强度要求 [英] Enforcing password strength requirements with django.contrib.auth.views.password_change
问题描述
我们有一个 Django 应用程序,它需要特定级别的密码复杂性.我们目前通过客户端 JavaScript 强制执行此操作,这很容易被有适当动机的人打败.
We have a Django application that requires a specific level of password complexity. We currently enforce this via client-side JavaScript which can easily be defeated by someone who is appropriately motivated.
我似乎找不到任何有关使用 django contrib 内置视图设置服务器端密码强度验证的具体信息.在我重新发明轮子之前,有没有合适的方法来处理这个要求?
I cannot seem to find any specific information about setting up server-side password strength validation using the django contrib built in views. Before I go about re-inventing the wheel, is there a proper way to handle this requirement?
推荐答案
我还为此使用了自定义表单.在 urls.py 中指定您的自定义表单:
I also went with a custom form for this. In urls.py specify your custom form:
(r'^change_password/$', 'django.contrib.auth.views.password_change',
{'password_change_form': ValidatingPasswordChangeForm}),
从 PasswordChangeForm 继承并实现验证:
Inherit from PasswordChangeForm and implement validation:
from django import forms
from django.contrib import auth
class ValidatingPasswordChangeForm(auth.forms.PasswordChangeForm):
MIN_LENGTH = 8
def clean_new_password1(self):
password1 = self.cleaned_data.get('new_password1')
# At least MIN_LENGTH long
if len(password1) < self.MIN_LENGTH:
raise forms.ValidationError("The new password must be at least %d characters long." % self.MIN_LENGTH)
# At least one letter and one non-letter
first_isalpha = password1[0].isalpha()
if all(c.isalpha() == first_isalpha for c in password1):
raise forms.ValidationError("The new password must contain at least one letter and at least one digit or"
" punctuation character.")
# ... any other validation you want ...
return password1
这篇关于使用 django.contrib.auth.views.password_change 强制执行密码强度要求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
