tarak / django-password-policies
Django unicode-aware password policies.
License: Other
In the entropy validator you divide the password entropy by the ideal entropy based on the string length. However, in its method ideal_entropy you take math.log(1/length), which for a length of 1 is equal to zero. This leads to division by zero.
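The failure this issue describes, reconstructed as an added example (not the project's code). The function bodies, the natural-log units and the choice to score short input as 0.0 are assumptions made for illustration.

```python
import math
from collections import Counter


def shannon_entropy(password):
    """Shannon entropy of the character distribution, in nats per character."""
    counts = Counter(password)
    n = len(password)
    return -sum((c / n) * math.log(c / n) for c in counts.values())


def ideal_entropy(length):
    """Entropy of `length` distinct characters, i.e. -log(1/length)."""
    return -math.log(1.0 / length)


def entropy_ratio_unguarded(password):
    # Shape described in the issue: ideal_entropy(1) is zero, so a
    # one-character password raises ZeroDivisionError (a server error
    # instead of a validation message).
    return shannon_entropy(password) / ideal_entropy(len(password))


def entropy_ratio(password):
    """Guarded ratio: empty or one-character input scores 0.0, so a
    minimum-ratio policy rejects it through the normal validation path."""
    if len(password) < 2:
        return 0.0
    return shannon_entropy(password) / ideal_entropy(len(password))
```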
Hi
with Django 1.9, an error occurred when setting up the application.
File "XXX/lib/python3.5/site-packages/password_policies/urls.py", line 3, in <module>
from password_policies.views import PasswordChangeFormView
File "XXX/lib/python3.5/site-packages/password_policies/views.py", line 19, in <module>
from password_policies.forms import PasswordPoliciesForm
File "XXX/lib/python3.5/site-packages/password_policies/forms/__init__.py", line 8, in <module>
from django.contrib.sites.models import get_current_site
ImportError: cannot import name 'get_current_site'
In Django Deprecation Timeline
https://docs.djangoproject.com/es/1.9/internals/deprecation/#deprecation-removed-in-1-9
there is the reason
"RequestSite and get_current_site() will no longer be importable from django.contrib.sites.models."
Is it possible to fix it with
    try:
        from django.contrib.sites.models import get_current_site
    except ImportError:
        from django.contrib.sites.shortcuts import get_current_site
, correct?
Thank you
Pietro
Hello,
The latest version on PyPI is 0.4.1 [1], however the latest tagged version here is 0.3.2 [2]. This is confusing - can you please add the missing tags?
[1] https://pypi.python.org/pypi/django-password-policies
[2] https://github.com/tarak/django-password-policies/releases
Thanks
Hi,
Are there any plans for Django 1.7 support? I see there is a fork from @hidashun (https://github.com/hidashun/django-password-policies) mentioning Django 1.7 fixes in commit messages but no pull request associated with this.
Thanks.
I propose that the creation of a PasswordHistory record should only occur when the 'commit' parameter is True. This allows a sub-form to make the call object = form.save(commit=False) to get the user object without creating a history record.
File: forms/__init__.py
class PasswordPoliciesForm
method save()
Code: Indent lines 95 to 99.
After submitting the password change form, I sometimes get this error, and sometimes the password change is successful.
AssertionError at /portal/user/mypass/
PasswordChangeRequired object can't be deleted because its id attribute is set to None.
Request Method: POST
Request URL: https://172.16.22.143/portal/user/mypass/
Django Version: 1.7.7
Exception Type: AssertionError
Exception Value:
PasswordChangeRequired object can't be deleted because its id attribute is set to None.
Exception Location: /usr/local/lib/python2.7/dist-packages/django/db/models/base.py in delete, line 735
Python Executable: /usr/local/bin/uwsgi
Python Version: 2.7.3
/usr/local/lib/python2.7/dist-packages/password_policies/forms/__init__.py in save
            raise forms.ValidationError(self.error_messages['password_similar'])
        return cleaned_data
    def save(self, commit=True):
        user = super(PasswordPoliciesChangeForm, self).save(commit=commit)
        try:
            if user.password_change_required:
                user.password_change_required.delete() ...
        except ObjectDoesNotExist:
            pass
        return user
One solution is to check that user.password_change_required.id is not None before calling .delete().
Environment:
Request Method: GET
Request URL: http://127.0.0.1:8000/
Django Version: 1.5.2
Python Version: 2.7.5
Installed Applications:
('django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.admin',
'django.contrib.markup',
'settings_context_processor',
'compressor',
'south',
'floppyforms',
'impersonate',
'rest_framework',
'password_policies',
'luft_utils',
'core',
'mezixicht',
'data_migration',
'django_extensions',
'devserver')
Installed Middleware:
('django.middleware.common.CommonMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'core.middleware.CheckPasswordExpiration',
'impersonate.middleware.ImpersonateMiddleware')
Traceback:
File "/data/.envs/scorp/local/lib/python2.7/site-packages/django/core/handlers/base.py" in get_response
115. response = callback(request, *callback_args, **callback_kwargs)
File "/data/.envs/scorp/local/lib/python2.7/site-packages/django/contrib/auth/decorators.py" in _wrapped_view
25. return view_func(request, *args, **kwargs)
File "/data/www/outcomm/scorp/core/views.py" in homepage
7. return render(request, 'dashboard.html', {})
File "/data/.envs/scorp/local/lib/python2.7/site-packages/django/shortcuts/__init__.py" in render
49. context_instance = RequestContext(request, current_app=current_app)
File "/data/.envs/scorp/local/lib/python2.7/site-packages/django/template/context.py" in __init__
179. self.update(processor(request))
File "/data/.envs/scorp/local/lib/python2.7/site-packages/password_policies/context_processors.py" in password_status
29. r = PasswordHistory.objects.change_required(request.user)
File "/data/.envs/scorp/local/lib/python2.7/site-packages/password_policies/managers.py" in change_required
46. if last_change_date < expired_date:
Exception Type: TypeError at /
Exception Value: can't compare offset-naive and offset-aware datetimes
Instead of using
django>=1.5,<=1.6
It may be better to use
django>=1.5,<1.7
As it is now the requirements will uninstall Django 1.6.1 or 1.6.2 etc. The other option is to keep this up to date. I doubt that future minor point releases, i.e. 1.6.3 etc., will break the app.
Could you tag a new release with Italian translations?
Hi,
I have forked the project and I continue the work in my fork: https://github.com/iplweb/django-password-policies-iplweb
Feel free to report any issues, patches, docs improvements also badly needed.
I'm using this in a commercial project so I guess I'll maintain my fork for a few years at least.
If I set PASSWORD_USE_HISTORY to False I always get this exception
From what I can see, the pytz package is no longer used. Rather, django.utils.timezone appears to be used instead. Is pytz still required?
Tarak, when do you plan on releasing this version on pypi? I want to get these changes into my application. Thanks. Bob
Hi there. It looks like some recent changes (the UNUSABLE_PASSWORD fix for Django 1.6.3+ specifically) are in master, but not in the latest version of PyPI. Could you roll a new version out to PyPI? Thanks!
When using password policies, I get the following error when trying to change the password:
Traceback (most recent call last):
File "/Users/eduardo.carvalho/workspace/kolab-dashboard/env/lib/python2.7/site-packages/django/core/handlers/base.py", line 201, in get_response
response = middleware_method(request, response)
File "/Users/eduardo.carvalho/workspace/kolab-dashboard/env/lib/python2.7/site-packages/django/contrib/sessions/middleware.py", line 38, in process_response
request.session.save()
File "/Users/eduardo.carvalho/workspace/kolab-dashboard/env/lib/python2.7/site-packages/django/contrib/sessions/backends/db.py", line 57, in save
session_data=self.encode(self._get_session(no_load=must_create)),
File "/Users/eduardo.carvalho/workspace/kolab-dashboard/env/lib/python2.7/site-packages/django/contrib/sessions/backends/base.py", line 87, in encode
serialized = self.serializer().dumps(session_dict)
File "/Users/eduardo.carvalho/workspace/kolab-dashboard/env/lib/python2.7/site-packages/django/core/signing.py", line 88, in dumps
return json.dumps(obj, separators=(',', ':')).encode('latin-1')
File "/usr/local/Cellar/python/2.7.6_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/__init__.py", line 250, in dumps
sort_keys=sort_keys, **kw).encode(obj)
File "/usr/local/Cellar/python/2.7.6_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/encoder.py", line 207, in encode
chunks = self.iterencode(o, _one_shot=True)
File "/usr/local/Cellar/python/2.7.6_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/encoder.py", line 270, in iterencode
return _iterencode(o, 0)
File "/usr/local/Cellar/python/2.7.6_1/Frameworks/Python.framework/Versions/2.7/lib/python2.7/json/encoder.py", line 184, in default
raise TypeError(repr(o) + " is not JSON serializable")
TypeError: datetime.datetime(2014, 8, 14, 17, 57, 53, 151293, tzinfo=<UTC>) is not JSON serializable
The password changes, but I get the error because of the json session serializer.
When I change the following setting in settings.py:
SESSION_SERIALIZER='django.contrib.sessions.serializers.PickleSerializer'
I guess it should be in the docs.
I suggest a Setting that forces password changes on first login, as this is required by many safety standards.
issues with redirecting to login page after password change
Django 1.6 changed validation of email addresses. Regex disappeared, see django/django/core/validators.py
Traceback (most recent call last):
File "setup.py", line 26, in <module>
test_suite='tests.main',
File "/usr/lib/python2.7/distutils/core.py", line 152, in setup
dist.run_commands()
File "/usr/lib/python2.7/distutils/dist.py", line 953, in run_commands
self.run_command(cmd)
File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
cmd_obj.run()
File "/usr/lib/python2.7/dist-packages/setuptools/command/test.py", line 138, in run
self.with_project_on_sys_path(self.run_tests)
File "/usr/lib/python2.7/dist-packages/setuptools/command/test.py", line 118, in with_project_on_sys_path
func()
File "/usr/lib/python2.7/dist-packages/setuptools/command/test.py", line 164, in run_tests
testLoader = cks
File "/usr/lib/python2.7/unittest/main.py", line 94, in __init__
self.parseArgs(argv)
File "/usr/lib/python2.7/unittest/main.py", line 149, in parseArgs
self.createTests()
File "/usr/lib/python2.7/unittest/main.py", line 158, in createTests
self.module)
File "/usr/lib/python2.7/unittest/loader.py", line 128, in loadTestsFromNames
suites = [self.loadTestsFromName(name, module) for name in names]
File "/usr/lib/python2.7/unittest/loader.py", line 91, in loadTestsFromName
module = __import__('.'.join(parts_copy))
File "/home/dev/django-password-policies/tests.py", line 13, in <module>
from password_policies.tests import settings
File "/home/dev/django-password-policies/password_policies/tests/__init__.py", line 1, in <module>
from password_policies.tests.forms import *
File "/home/dev/django-password-policies/password_policies/tests/forms.py", line 5, in <module>
from password_policies.forms import PasswordPoliciesForm, PasswordPoliciesChangeForm
File "/home/dev/django-password-policies/password_policies/forms/__init__.py", line 16, in <module>
from password_policies.forms.fields import PasswordPoliciesField
File "/home/dev/django-password-policies/password_policies/forms/fields.py", line 3, in <module>
from password_policies.forms.validators import validate_common_sequences
File "/home/dev/django-password-policies/password_policies/forms/validators.py", line 9, in <module>
from django.core.validators import email_re
ImportError: cannot import name email_re
Does this app require users to change the Django setting SESSION_SERIALIZER to 'django.contrib.sessions.serializers.PickleSerializer'? Based on the Django documentation, this seems like a fairly steep price to pay: https://docs.djangoproject.com/en/1.7/topics/http/sessions/#session-serialization.
Is there anything we can do to help add support for JSONSerializer?
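One way to stay on the JSON session serializer, shown as an added example rather than the project's code: store the timestamp as an ISO 8601 string and parse it back when it is read. The session key name and helper functions are hypothetical, and a plain dict stands in for the Django session.

```python
import json
from datetime import datetime, timedelta, timezone

SESSION_KEY = "_password_policies_last_check"  # hypothetical key name


def store_last_check(session, when):
    """Store an aware datetime as an ISO 8601 UTC string (JSON-safe)."""
    if when.tzinfo is None:
        raise ValueError("refusing naive datetime; pass a timezone-aware value")
    session[SESSION_KEY] = when.astimezone(timezone.utc).isoformat()


def load_last_check(session):
    """Return the stored aware datetime, or None if absent or malformed."""
    raw = session.get(SESSION_KEY)
    if not isinstance(raw, str):
        return None
    try:
        value = datetime.fromisoformat(raw)
    except ValueError:
        return None
    # Reject naive values so later comparisons never mix naive and aware.
    return value if value.tzinfo is not None else None


def check_is_stale(session, now, max_age):
    """True when no valid timestamp exists or it is older than max_age,
    so a missing or corrupted value forces a fresh policy check."""
    last = load_last_check(session)
    return last is None or now - last > max_age


def json_roundtrip(session):
    """What a JSON session serializer does to the session dict."""
    return json.loads(json.dumps(session, separators=(",", ":")))
```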
Hello,
I am using django-password-policies v0.3.2 with Django 1.8.3.
When I deploy my Django site with a uwsgi prefix, the middleware that should enforce a password change fails. It is letting the user through.
I could fix the issue by changing resolve(request.path) into resolve(request.path_info) on line 143 in middleware.py.
Request.path_info does not contain the site prefix and will resolve. Request.path contains the prefix and will not resolve letting the user pass...
Am I doing something wrong or is this a bug?
kind regards,
Lode
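A simplified, Django-free model of the behaviour reported above, added as an example and not taken from the project's middleware.py. The URL patterns, view names and both enforce_* functions are constructed for illustration; the second variant also redirects when the URL does not resolve, which is a design assumption.

```python
import re

# Constructed URLconf for the model: (pattern, view name).
URLPATTERNS = [
    (re.compile(r"^/password/change/$"), "password_change"),
    (re.compile(r"^/logout/$"), "logout"),
    (re.compile(r"^/dashboard/$"), "dashboard"),
]
EXEMPT_VIEWS = {"password_change", "logout"}


class Resolver404(Exception):
    """Stand-in for Django's exception of the same name."""


def resolve(path):
    """Match a path against the URLconf, which knows nothing of the mount prefix."""
    for pattern, name in URLPATTERNS:
        if pattern.match(path):
            return name
    raise Resolver404(path)


def build_request(script_name, path_info):
    """Mirror Django's split: path = script prefix + path_info."""
    return {"path": script_name.rstrip("/") + path_info, "path_info": path_info}


def enforce_fail_open(request, change_required):
    """Resolves request['path']; an unresolvable URL lets the request through."""
    try:
        view = resolve(request["path"])
    except Resolver404:
        return "pass"
    return "redirect" if change_required and view not in EXEMPT_VIEWS else "pass"


def enforce_fail_closed(request, change_required):
    """Resolves request['path_info']; an unresolvable URL still redirects."""
    try:
        view = resolve(request["path_info"])
    except Resolver404:
        view = None
    return "redirect" if change_required and view not in EXEMPT_VIEWS else "pass"
```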
Changes in Django 1.10 mean MIDDLEWARE_CLASSES now becomes MIDDLEWARE.
password_policies.middleware.PasswordChangeMiddleware now broken:
in load_middleware
mw_instance = middleware(handler)
TypeError: object() takes no parameters
All it seems to need is:
from django.utils.deprecation import MiddlewareMixin
class PasswordChangeMiddleware(MiddlewareMixin):
Tested, and seems fine.
Merged #26. Needs to be uploaded to PyPI. Will be done after visiting grandma...
How do you build the password reset confirm url in the email template? I can't figure out how to do it.