mirror of https://github.com/django/django.git synced 2025-03-31 19:46:42 +00:00

Fixed #29274 -- Increased the number of common passwords from 1k to 20k.

GS-14 2018-04-10 12:02:03 -04:00 committed by Tim Graham
parent 60156750f6
commit 93331877c8
3 changed files with 9 additions and 5 deletions

@ -162,8 +162,8 @@ class CommonPasswordValidator:
Validate whether the password is a common password. Validate whether the password is a common password.
The password is rejected if it occurs in a provided list, which may be gzipped. The password is rejected if it occurs in a provided list, which may be gzipped.
The list Django ships with contains 1000 common passwords, created by Mark Burnett: The list Django ships with contains 20000 common passwords, created by
https://xato.net/passwords/more-top-worst-passwords/ Royce Williams: https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7
""" """
DEFAULT_PASSWORD_LIST_PATH = os.path.join( DEFAULT_PASSWORD_LIST_PATH = os.path.join(
os.path.dirname(os.path.realpath(__file__)), 'common-passwords.txt.gz' os.path.dirname(os.path.realpath(__file__)), 'common-passwords.txt.gz'
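Review bot: The CommonPasswordValidator docstring still says only that the password is rejected "if it occurs in a provided list", with no mention of case handling, while the documentation changed in this same commit says the password is lowercased before comparison and that a custom file should contain one lowercase password per line. Since the docstring is being touched anyway, add that sentence so someone supplying their own list from the code alone does not ship mixed-case entries that can never match. Separately, the commit header counts 3 changed files but only two are shown here; if the third is the list at DEFAULT_PASSWORD_LIST_PATH ('common-passwords.txt.gz'), the commit message should record how it was derived from the linked gist (lowercasing, de-duplication, ordering) so the shipped file can be regenerated and compared.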

@ -491,7 +491,7 @@ This example enables all four included validators:
eight. eight.
* ``CommonPasswordValidator``, which checks whether the password occurs in a * ``CommonPasswordValidator``, which checks whether the password occurs in a
list of common passwords. By default, it compares to an included list of list of common passwords. By default, it compares to an included list of
1000 common passwords. 20,000 common passwords.
* ``NumericPasswordValidator``, which checks whether the password isn't * ``NumericPasswordValidator``, which checks whether the password isn't
entirely numeric. entirely numeric.
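Review bot: Style point on the changed count in the ``CommonPasswordValidator`` bullet: this file writes "20,000" while the validator docstring in the same commit writes "20000", and the number is now repeated in three places (docstring, this bullet, and the class reference further down). Pick one format and use it everywhere, and consider stating the exact count only in the class reference so a future list update has fewer places to miss.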
@ -531,13 +531,17 @@ Django includes four validators:
Validates whether the password is not a common password. This converts the Validates whether the password is not a common password. This converts the
password to lowercase (to do a case-insensitive comparison) and checks it password to lowercase (to do a case-insensitive comparison) and checks it
against a list of 1000 common password created by `Mark Burnett against a list of 20,000 common password created by `Royce Williams
<https://web.archive.org/web/20150315154609/https://xato.net/passwords/more-top-worst-passwords/>`_. <https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7>`_.
The ``password_list_path`` can be set to the path of a custom file of The ``password_list_path`` can be set to the path of a custom file of
common passwords. This file should contain one lowercase password per line common passwords. This file should contain one lowercase password per line
and may be plain text or gzipped. and may be plain text or gzipped.
.. versionchanged:: 2.1
In older versions, a list of 1,000 common passwords is used.
.. class:: NumericPasswordValidator() .. class:: NumericPasswordValidator()
Validates whether the password is not entirely numeric. Validates whether the password is not entirely numeric.
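Review bot: The replaced reference in the ``CommonPasswordValidator`` description was a web.archive.org snapshot, and the new one is a live gist URL, which its owner can edit or delete; link to a fixed revision of the gist or an archived copy so the documented source stays the one the shipped list was built from. Two wording fixes while here: "a list of 20,000 common password" should read "common passwords" (the error is carried over from the old line), and the ``versionchanged:: 2.1`` note should be in the past tense, "a list of 1,000 common passwords was used".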