def test_validate(self):
    """An uncommon password passes; a password from the bundled list is rejected."""
    validator = CommonPasswordValidator()

    # validate() signals success by returning None.
    self.assertIsNone(validator.validate('a-safe-password'))

    with self.assertRaises(ValidationError) as caught:
        validator.validate('godzilla')
    self.assertEqual(caught.exception.messages, ["This password is too common."])
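def test_validate_custom_list(self):
    """A validator built from a custom list rejects a password found in that list."""
    # os.path.join instead of a hard-coded '/' keeps the fixture path portable
    # across platforms.
    here = os.path.dirname(os.path.realpath(__file__))
    path = os.path.join(here, 'common-passwords-custom.txt')
    validator = CommonPasswordValidator(password_list_path=path)
    expected_error = "This password is too common."

    self.assertIsNone(validator.validate('a-safe-password'))

    with self.assertRaises(ValidationError) as cm:
        validator.validate('from-my-custom-list')
    self.assertEqual(cm.exception.messages, [expected_error])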
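def validacao_senha_redefinicao(request):
    """Report whether the password in the JSON request body passes the policy.

    The body is expected to be a JSON object whose 'valor' key holds the
    candidate password. The checks run in a fixed order (minimum length of 8,
    not entirely numeric, not a common password, not too similar to the
    user's 'nome', 'sobrenome' or 'email') and only the first failure is
    reported.

    Returns a JsonResponse: status 200 with {'status': 'válido'} when every
    check passes, otherwise status 400 with 'status' set to 'inválido' and a
    message under 'erro'.

    NOTE(review): this view only reports validity. The code that actually
    stores the new password is not visible here and has to enforce the same
    validators itself, because a client can skip this call.
    """
    resposta = {}

    # The body is client-controlled: malformed JSON, a missing key or a
    # non-string value is answered with 400 instead of an unhandled exception.
    try:
        senha = loads(request.body)['valor']
    except (ValueError, KeyError, TypeError):
        senha = None
    if not isinstance(senha, str):
        resposta['status'] = 'inválido'
        resposta['erro'] = 'Requisição inválida'
        return JsonResponse(resposta, status=400)

    # (validator, positional arguments for validate(), message on failure),
    # in the order in which failures are reported.
    verificacoes = (
        (
            MinimumLengthValidator(8),
            (senha,),
            'Sua senha deve conter pelo menos 8 caracteres',
        ),
        (
            NumericPasswordValidator(),
            (senha,),
            'Sua senha não pode ser inteiramente numérica',
        ),
        (
            CommonPasswordValidator(),
            (senha,),
            'Essa senha é muito comum. Tente outra',
        ),
        (
            UserAttributeSimilarityValidator(
                ('nome', 'sobrenome', 'email'), max_similarity=0.7),
            (senha, request.user),
            'Essa senha é muito parecida com seu e-mail ou com seu nome',
        ),
    )

    for validador, argumentos, mensagem in verificacoes:
        try:
            validador.validate(*argumentos)
        except ValidationError:
            resposta['status'] = 'inválido'
            resposta['erro'] = mensagem
            return JsonResponse(resposta, status=400)

    resposta['status'] = 'válido'
    return JsonResponse(resposta, status=200)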
def test_validate_custom_list(self):
    """A custom password list is honoured, including the error code it raises."""
    fixture_dir = os.path.dirname(os.path.realpath(__file__))
    validator = CommonPasswordValidator(
        password_list_path=os.path.join(fixture_dir, 'common-passwords-custom.txt'),
    )

    # Not in the custom list: validate() returns None.
    self.assertIsNone(validator.validate('a-safe-password'))

    with self.assertRaises(ValidationError) as caught:
        validator.validate('from-my-custom-list')

    raised = caught.exception
    self.assertEqual(raised.messages, ["This password is too common."])
    self.assertEqual(raised.error_list[0].code, 'password_too_common')
def test_validate_custom_list(self):
    """A custom password list is honoured, including the error code it raises."""
    # upath() is applied to __file__ before the path is resolved.
    fixture_dir = os.path.dirname(os.path.realpath(upath(__file__)))
    validator = CommonPasswordValidator(
        password_list_path=os.path.join(fixture_dir, "common-passwords-custom.txt"),
    )

    # Not in the custom list: validate() returns None.
    self.assertIsNone(validator.validate("a-safe-password"))

    with self.assertRaises(ValidationError) as caught:
        validator.validate("from-my-custom-list")

    raised = caught.exception
    self.assertEqual(raised.messages, ["This password is too common."])
    self.assertEqual(raised.error_list[0].code, "password_too_common")
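def auth_redir(request):
    """Register a user from the POSTed form and set the login cookie.

    Reads 'name', 'email' and 'password' from request.POST. A password that
    fails the minimum-length or common-password check, or a user name that is
    already taken, re-renders 'cooking/auth.html' with the matching error.
    Otherwise a UserInfo row is saved and the response redirects to
    '/cooking/' with the 'wasauthorised' cookie set to the new user's secret.
    Any other failure (including a missing POST field) redirects to
    '/cooking/register/'.

    NOTE(review): the password is hashed by calling PBKDF2PasswordHasher
    directly with a fixed iteration count. Django's make_password() and
    check_password() would follow the framework's current defaults; the login
    code is not visible here, so confirm how it verifies before changing this.

    NOTE(review): 'wasauthorised' carries user_secret, a long-lived bearer
    value that is stored as-is in UserInfo, and the cookie is set without
    httponly, secure or samesite. Confirm whether client-side script needs to
    read it; if not, those flags should be set.
    """
    # Local import so the validator handlers below can name the exception
    # they expect instead of using a bare except.
    from django.core.exceptions import ValidationError

    default_lifetime = 1209600  # seconds (14 days)

    try:
        name = request.POST['name']
        email = request.POST['email']
        password = request.POST['password']

        try:
            MinimumLengthValidator().validate(password)
        except ValidationError:
            minlength_error = "Пароль слишком короткий, он должен содержать минимум 8 символов"
            return render(request, 'cooking/auth.html',
                          {'minlength_error': minlength_error})

        try:
            CommonPasswordValidator().validate(password)
        except ValidationError:
            common_error = "Пароль слишком простой"
            return render(request, 'cooking/auth.html',
                          {'common_error': common_error})

        # Checked before hashing so a taken name does not cost a PBKDF2 run.
        # NOTE(review): exists() followed by save() is not atomic; a unique
        # constraint on user_name would be needed to rule out duplicates.
        if UserInfo.objects.filter(user_name=name).exists():
            user_error = "Пользователь с таким именем уже существует"
            return render(request, 'cooking/auth.html',
                          {'user_error': user_error})

        hasher = PBKDF2PasswordHasher()
        salt = get_random_string(
            12,
            "QWERTYUIOPASDFGHJKLZXCVBNMqwertyuiopasdfghjklzxcvbnm1234567890")
        password_hash = hasher.encode(password=password, salt=salt,
                                      iterations=180000)

        secret = get_random_string(
            50,
            'qwertyuiopasdfghjlkzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM1234567890!@#$%^&*()_-'
        )
        account = UserInfo(user_name=name,
                           user_img=" ",
                           user_email=email,
                           user_password=password_hash,
                           user_soup_list=" ",
                           user_secret=secret)
        account.save()

        # 'livetime' is a client-supplied cookie. A value that is not a
        # positive integer falls back to the default; previously int() could
        # raise here after the account had already been saved, which sent the
        # new user back to the registration page.
        # NOTE(review): there is still no upper bound on the lifetime a client
        # can request for its own login cookie.
        lifetime = default_lifetime
        requested = request.COOKIES.get('livetime')
        if requested:
            try:
                lifetime = int(requested)
            except ValueError:
                lifetime = default_lifetime
            if lifetime <= 0:
                lifetime = default_lifetime

        response = HttpResponseRedirect('/cooking/')
        response.set_cookie('wasauthorised', secret, lifetime)
        return response
    except Exception:
        # Best-effort fallback kept from the original, narrowed so that
        # KeyboardInterrupt and SystemExit are no longer swallowed.
        return HttpResponseRedirect('/cooking/register/')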
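def clean_password2(self):
    """Check that both password fields match and that the password passes policy.

    Raises ValidationError when the two fields differ or when any of the
    minimum-length, attribute-similarity, common-password or numeric
    validators rejects the value. Returns the cleaned 'password2' value.
    """
    password1 = self.cleaned_data.get("password1")
    password2 = self.cleaned_data.get("password2")
    if password1 and password2 and password1 != password2:
        raise ValidationError("Password don't match")

    # Transient, unsaved user so the similarity validator has attributes to
    # compare against. The raw password is deliberately not assigned to it:
    # none of the validators below read user.password, and that field is
    # meant to hold a hash, never the plaintext.
    candidate = User(
        username=self.cleaned_data.get("username"),
        email=self.cleaned_data.get("email"),
    )
    password_validators = [
        MinimumLengthValidator(),
        UserAttributeSimilarityValidator(),
        CommonPasswordValidator(),
        NumericPasswordValidator(),
    ]

    try:
        validate_password(
            password=self.cleaned_data["password2"],
            user=candidate,
            password_validators=password_validators,
        )
    except ValidationError as e:
        # The log line carries no user input.
        logger.error("validation failed")
        raise ValidationError(e)

    return self.cleaned_data["password2"]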
def __init__(self, *args, **kwargs):
    """Initialise the parent class, then set the password validators to apply."""
    super().__init__(*args, **kwargs)
    validators = [
        SpecialCharactersValidator(),
        NumbersValidator(),
        CommonPasswordValidator(),
    ]
    self.password_validators = validators
def clean_password(self):
    """Validate the submitted password and return it unchanged.

    validate_password() raises when the password is shorter than 6
    characters, entirely numeric, or found in the common-password list.
    """
    password = self.cleaned_data.get('password')
    # NOTE(review): min_length=6 is below the validator's default of 8, and no
    # user is passed, so no attribute-similarity check takes place. Confirm
    # both are intended.
    validators = (
        MinimumLengthValidator(min_length=6),
        NumericPasswordValidator(),
        CommonPasswordValidator(),
    )
    password_validation.validate_password(
        password, password_validators=validators)
    return password
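class RegisterForm(forms.ModelForm):
    """Registration form for User with a password and its confirmation.

    All model fields listed in Meta are made required. The password must be
    at least 8 characters, not a common password, not entirely numeric and
    not too similar to the other submitted user attributes.
    """

    error_messages = {
        'password_mismatch': _("The two password fields didn't match."),
        'email_occupation': 'Данный адрес почты уже используется',
    }

    class Meta:
        model = User
        fields = ['username', 'first_name', 'last_name', 'email']

    def __init__(self, *args, **kwargs):
        """Build the form and mark every field as required."""
        super(RegisterForm, self).__init__(*args, **kwargs)
        for key in self.fields:
            self.fields[key].required = True

    # UserAttributeSimilarityValidator is not listed here: a field validator
    # is called with the value only, and without a user that validator does
    # nothing. The similarity check runs in _post_clean() instead.
    password1 = forms.CharField(
        label=_("Password"),
        widget=forms.PasswordInput,
        validators=[
            MinimumLengthValidator(min_length=8).validate,
            CommonPasswordValidator().validate,
            NumericPasswordValidator().validate,
        ])
    password2 = forms.CharField(
        label=_("Password confirmation"),
        widget=forms.PasswordInput,
        help_text=_("Enter the same password as above, for verification."))

    def clean_password2(self):
        """Return the confirmation value, rejecting it if it differs from password1."""
        password1 = self.cleaned_data.get("password1")
        password2 = self.cleaned_data.get("password2")
        if password1 and password2 and password1 != password2:
            raise forms.ValidationError(
                self.error_messages['password_mismatch'],
                code='password_mismatch',
            )
        return password2

    def clean_email(self, *args, **kwargs):
        """Return the e-mail, rejecting one that an existing user already has."""
        email = self.cleaned_data.get("email")
        if User.objects.filter(email=email).exists():
            raise forms.ValidationError(
                self.error_messages['email_occupation'],
                code='email_occupation',
            )
        return email

    def _post_clean(self):
        """Run the attribute-similarity check once the instance is populated.

        ModelForm._post_clean() copies the cleaned fields onto self.instance,
        so the submitted username, names and e-mail are available for the
        comparison here. This mirrors where Django's own UserCreationForm
        validates the password.
        """
        super(RegisterForm, self)._post_clean()
        password = self.cleaned_data.get("password1")
        if password:
            try:
                UserAttributeSimilarityValidator().validate(
                    password, self.instance)
            except forms.ValidationError as error:
                self.add_error("password1", error)

    def save(self, commit=True):
        """Create the user with a hashed password; write it to the DB if commit is true."""
        user = super(RegisterForm, self).save(commit=False)
        # set_password() stores a hash, never the raw value.
        user.set_password(self.cleaned_data["password1"])
        if commit:
            user.save()
        return user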
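def clean_password_2(self):
    """Validate the password and check that the confirmation matches it.

    Raises a validation error when the password is entirely numeric, is a
    common password, or differs from 'password_2'. Returns the password.
    """
    password = self.cleaned_data.get('password')
    confirmation = self.cleaned_data.get('password_2')
    if password is None:
        # 'password' already failed its own field validation and is missing
        # from cleaned_data; that error is reported on its field, so there is
        # nothing to compare here. Indexing the key directly raised KeyError.
        return confirmation

    # NOTE(review): no user is passed, and the similarity validator does not
    # check anything without one. If this form has the user or its attributes
    # available, pass them as the second argument.
    UserAttributeSimilarityValidator().validate(password)
    NumericPasswordValidator().validate(password)
    CommonPasswordValidator().validate(password)
    # NOTE(review): no minimum-length check is applied here; confirm that it
    # is enforced elsewhere.

    if password != confirmation:
        raise forms.ValidationError(
            'Passwords do not match. Please, provide password again.')
    return password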
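def validacao_senha_registro(request):
    """Report whether the password in the JSON request body passes the policy.

    The body is expected to be a JSON object whose 'valor' key holds the
    candidate password. The checks run in a fixed order (minimum length of 8,
    not entirely numeric, not a common password) and only the first failure
    is reported.

    Returns a JsonResponse: status 200 with {'status': 'válido'} when every
    check passes, otherwise status 400 with 'status' set to 'inválido' and a
    message under 'erro'.

    NOTE(review): this view only reports validity. The registration code that
    actually stores the password is not visible here and has to enforce the
    same validators itself, because a client can skip this call.
    """
    resposta = {}

    # The body is client-controlled: malformed JSON, a missing key or a
    # non-string value is answered with 400 instead of an unhandled exception.
    try:
        senha = loads(request.body)['valor']
    except (ValueError, KeyError, TypeError):
        senha = None
    if not isinstance(senha, str):
        resposta['status'] = 'inválido'
        resposta['erro'] = 'Requisição inválida'
        return JsonResponse(resposta, status=400)

    # (validator, message on failure), in the order failures are reported.
    verificacoes = (
        (MinimumLengthValidator(8),
         'Sua senha deve conter pelo menos 8 caracteres'),
        (NumericPasswordValidator(),
         'Sua senha não pode ser inteiramente numérica'),
        (CommonPasswordValidator(),
         'Essa senha é muito comum. Tente outra.'),
    )

    for validador, mensagem in verificacoes:
        try:
            validador.validate(senha)
        except ValidationError:
            resposta['status'] = 'inválido'
            resposta['erro'] = mensagem
            return JsonResponse(resposta, status=400)

    resposta['status'] = 'válido'
    return JsonResponse(resposta, status=200)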
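class ProfileEditForm(forms.ModelForm):
    """Form for editing a user, with an optional password change."""

    # Field validators must be callables taking the value. The password
    # validator objects are not callable themselves, so their bound validate()
    # methods are passed; passing the instances failed with TypeError as soon
    # as a non-empty password was submitted.
    # UserAttributeSimilarityValidator is applied in _post_clean() instead,
    # because it does nothing unless it is given a user.
    password = forms.CharField(
        widget=forms.PasswordInput(),
        label=_('Новый пароль'),
        required=False,
        validators=[
            MinimumLengthValidator().validate,
            CommonPasswordValidator().validate,
            NumericPasswordValidator().validate,
        ])
    password_confirm = forms.CharField(
        widget=forms.PasswordInput(),
        label=_('Подтвердите новый пароль'),
        required=False)

    class Meta:
        model = get_user_model()
        fields = ['username', 'email']
        labels = {
            'username': _('Username'),
            'email': _('Email'),
        }
        help_texts = {
            'username': _('Латинские буквы, цифры и @ / . / + / - / _')
        }
        error_messages = {
            'username': {
                'unique': _('Пользователь с таким username уже существует')
            }
        }

    def clean(self):
        """Validate the form as a whole: both password fields must match."""
        cleaned_data = super(ProfileEditForm, self).clean()
        password = cleaned_data.get('password')
        password_confirm = cleaned_data.get('password_confirm')

        if password != password_confirm:
            raise forms.ValidationError(_('Пароли не совпадают'))
        return cleaned_data

    def _post_clean(self):
        """Check the new password against the edited user's attributes.

        Runs after ModelForm._post_clean() has copied the submitted username
        and e-mail onto self.instance, so the comparison uses the new values.
        """
        super(ProfileEditForm, self)._post_clean()
        password = self.cleaned_data.get('password')
        if password:
            try:
                UserAttributeSimilarityValidator().validate(
                    password, self.instance)
            except forms.ValidationError as error:
                self.add_error('password', error)

    def save(self, commit=True):
        """Save the edited user; the password changes only if one was entered."""
        hr_user = super(ProfileEditForm, self).save(commit=False)
        password = self.cleaned_data['password']

        # An empty value means "keep the current password". set_password()
        # stores a hash, never the raw value.
        if password:
            hr_user.set_password(password)

        if commit:
            hr_user.save()
        return hr_user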
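def clean_password(self):
    """Reject a common or too-short password; return it unchanged otherwise.

    Raises forms.ValidationError with this form's own message when the
    password is in the common-password list or shorter than 9 characters.
    """
    password = self.cleaned_data.get('password')
    # The plaintext password is no longer printed: anything written to stdout
    # can end up in server logs.

    # validate() returns None on success and raises on failure, so testing its
    # return value never reached the messages below. The error is caught and
    # re-raised with the intended text instead.
    try:
        CommonPasswordValidator().validate(password)
    except forms.ValidationError:
        raise forms.ValidationError(
            "Password too common, Please chose some other password")

    # min_length is set to 9 so that the check agrees with the message; the
    # validator's default is 8.
    try:
        MinimumLengthValidator(min_length=9).validate(password)
    except forms.ValidationError:
        raise forms.ValidationError(
            "Password must be of minimum 9 characters length")

    return password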
def validate(self, password, user=None):
    """Reject a password that pwned_password() reports with a non-zero count.

    Raises ValidationError with code 'pwned_password' in that case. When the
    lookup returns None, the decision is delegated to CommonPasswordValidator.
    """
    amount = pwned_password(password)

    if amount is None:
        # The HIBP API call failed. Rather than accept a password that may be
        # compromised, fall back to Django's list of common passwords, which
        # was generated from the same database.
        CommonPasswordValidator().validate(password, user)
        return

    if not amount:
        # A zero count: nothing to report.
        return

    message = ungettext(
        self.error_message['singular'],
        self.error_message['plural'],
        amount,
    )
    raise ValidationError(
        message,
        params={'amount': amount},
        code='pwned_password',
    )
class SignUpSerializer(BaseSerializer):
    """Sign-up payload: an e-mail address and a policy-checked password."""

    email = serializers.EmailField(max_length=254)

    # NOTE(review): a field validator presumably receives the password only.
    # UserAttributeSimilarityValidator does nothing when no user is supplied,
    # so the similarity check listed first may never take effect here. Confirm
    # and, if so, run it where the username and e-mail are available.
    password = serializers.CharField(
        max_length=128,
        validators=[
            UserAttributeSimilarityValidator(
                user_attributes=('username', 'email')).validate,
            MinimumLengthValidator().validate,
            CommonPasswordValidator().validate,
            NumericPasswordValidator().validate,
        ])

    @staticmethod
    def get_account_creation_data(validated_data: dict):
        """Pick the account-creation fields out of the validated payload.

        'username' falls back to 'master' when it is missing or empty; the
        other three keys must be present.
        """
        return {
            'organization_slug': validated_data['organization_slug'],
            'username': validated_data.get('username') or 'master',
            'email': validated_data['email'],
            'password': validated_data['password'],
        }
def test_help_text(self):
    """The validator's help text is the expected sentence."""
    help_text = CommonPasswordValidator().get_help_text()
    self.assertEqual(
        help_text,
        "Your password can't be a commonly used password.",
    )
def test_validate_django_supplied_file(self):
    """Every entry of the default password list is already lowercase."""
    for entry in CommonPasswordValidator().passwords:
        self.assertEqual(entry, entry.lower())
def clean_password(self):
    """Reject a common password; return the cleaned value unchanged otherwise."""
    candidate = self.cleaned_data['password']
    # validate() raises when the password is in the common-password list.
    # NOTE(review): this is the only password check in this method; confirm
    # that length and other rules are enforced elsewhere.
    CommonPasswordValidator().validate(candidate)
    return candidate
def test_get_help_text_matches_django(self):
    """PwnedPasswordsValidator shows the same help text as Django's validator."""
    pwned_help = PwnedPasswordsValidator().get_help_text()
    django_help = CommonPasswordValidator().get_help_text()
    self.assertEqual(pwned_help, django_help)
from typing import Optional, Union from django.contrib.auth.base_user import AbstractBaseUser from django.contrib.auth.password_validation import CommonPasswordValidator from django.core.exceptions import ValidationError from django.utils.deconstruct import deconstructible from django.utils.functional import Promise from django.utils.translation import gettext_lazy as _ from django.utils.translation import ngettext from . import api StrOrTranslation = Union[str, Promise] common_password_validator = CommonPasswordValidator() @deconstructible class PwnedPasswordsValidator: """ Password validator which checks the Pwned Passwords database. """ DEFAULT_HELP_MESSAGE = common_password_validator.get_help_text() DEFAULT_PWNED_MESSAGE = _("This password is too common.") def __init__( self, error_message: Optional[StrOrTranslation] = None,