Last updated:
0 purchases
pwnedpasswordsdjango 5.1.0
pwned-passwords-django provides helpers for working with the
Pwned Passwords database from Have I Been Pwned in Django powered sites. Pwned Passwords is
an extremely large database of passwords known to have been
compromised through data breaches, and is useful as a tool for
rejecting common or weak passwords.
There are three main components to this application:
A password validator
which integrates with Django’s password-validation tools
and checks the Pwned Passwords database.
A Django middleware
(supporting both sync and async requests) which automatically checks
certain request payloads against the Pwned Passwords database.
An API client
providing direct access (both sync and async) to the Pwned Passwords
database.
All three use a secure, anonymized API which never transmits any
password or its full hash to any third party.
Usage
The recommended configuration is to enable both the validator and the
automatic password-checking middleware. To do this, make the following
changes to your Django settings.
First, add the validator to your AUTH_PASSWORD_VALIDATORS list:
AUTH_PASSWORD_VALIDATORS = [
# ... other password validators ...
{
"NAME": "pwned_passwords_django.validators.PwnedPasswordsValidator",
},
]
Then, add the middleware to your MIDDLEWARE list:
MIDDLEWARE = [
# .. other middlewares ...
"pwned_passwords_django.middleware.pwned_passwords_middleware",
]
For more details, consult the full documentation.
For personal and professional use. You cannot resell or redistribute these repositories in their original state.
There are no reviews.