summaryrefslogtreecommitdiff
path: root/django/contrib/auth/password_validation.py
AgeCommit message (Collapse)Author
2025-07-23Refs #36500 -- Rewrapped long docstrings and block comments via a script.django-bot
Rewrapped long docstrings and block comments to 79 characters + newline using script from https://github.com/medmunds/autofix-w505.
2025-04-17Fixed #36314 -- Fixed MinimumLengthValidator error message translation.Ahmed Nassar
Regression in ec7d69035a408b357f1803ca05a7c991cc358cfa. Thank you Gabriel Trouvé for the report and Claude Paroz for the review.
2025-03-31Refs #28909 -- Simplified code using unpacking generalizations.Aarni Koskela
2025-02-18Fixed #36179 -- Unhexed entries and removed duplicates in ↵mimi89999
auth/common-passwords.txt.gz.
2024-10-15Fixed #35782 -- Allowed overriding password validation error messages.Ben Cail
2023-01-18Refs #34233 -- Used @functools.cache.Nick Pope
Python 3.9+ supports @functools.cache as an alias for @functools.lru_cache(maxsize=None).
2022-09-28Fixed #34056 -- Updated the list of common passwords for ↵Paolo Melchiorre
CommonPasswordValidator.
2022-02-07Refs #33476 -- Refactored code to strictly match 88 characters line length.Mariusz Felisiak
2022-02-07Refs #33476 -- Reformatted code with Black.django-bot
2022-01-04Fixed CVE-2021-45115 -- Prevented DoS vector in ↵Florian Apolloner
UserAttributeSimilarityValidator. Thanks Chris Bailey for the report. Co-authored-by: Adam Johnson <me@adamj.eu>
2021-12-13Improved wording in password validators docs and docstrings.Adam Johnson
2021-04-01Fixed #32316 -- Deferred accessing __file__.William Schwartz
Deferred accessing the module-global variable __file__ because the Python import API does not guarantee it always exists—in particular, it does not exist in certain "frozen" environments. The following changes advanced this goal. Thanks to Carlton Gibson, Tom Forbes, Mariusz Felisiak, and Shreyas Ravi for review and feedback.
2020-08-28Fixed #31912 -- Removed strict=True in Path.resolve() in project template ↵Mariusz Felisiak
and CommonPasswordValidator. This caused permission errors when user didn't have permissions to all intermediate directories in a Django installation path. Thanks tytusd and leonyxz for reports. Regression in edeec1247e52de6fc32cee93e96d4ce36003ea4b and 26554cf5d1e96db10d0d5f4b69683a22fb82fdf8.
2019-11-05Passed strict=True to Path.resolve() to enforce that the path must exist.Jon Dufresne
2019-06-28Fixed #30400 -- Improved typography of user facing strings.Jon Dufresne
Thanks Claude Paroz for assistance with translations.
2019-05-23Forced utf-8 encoding when loading common passwords in CommonPasswordValidator.Mariusz Felisiak
Previously we used `decode()` which defaults to utf-8. This change restores previous behavior. Follow up to 28eac41510eb9de728bdfbc22a36f33ac75394f2.
2019-05-22Refs #30116 -- Removed unnecessary str() calls in CommonPasswordValidator.Jon Dufresne
open() and gzip.open() supports path-like objects since Python 3.6.
2019-05-22Improved performance of loading common passwords in CommonPasswordValidator.Brad Solomon
CommonPasswordValidator.__init__ previously called either splitlines or readlines, creating an unneeded intermediate list in memory. For large custom password files, this could be burdensome.
2019-01-28Fixed #30137 -- Replaced OSError aliases with the canonical OSError.Jon Dufresne
Used more specific errors (e.g. FileExistsError) as appropriate.
2018-11-15Fixed #29952 -- Lowercased all passwords in contrib.auth's ↵Mathew Payne
auth/common-passwords.txt.gz.
2018-04-19Ref #23919 -- Replaced some os.path usage with pathlib.Path.Tom
2018-04-16Fixed #29274 -- Increased the number of common passwords from 1k to 20k.GS-14
2018-01-02Fixed #28902 -- Fixed password_validators_help_text_html() double escaping.Alvin Lindstam
2017-04-27Refs #27795 -- Replaced many force_text() with str()Claude Paroz
Thanks Tim Graham for the review.
2017-02-09Refs #23919 -- Removed default 'utf-8' argument for str.encode()/decode().Tim Graham
2017-02-07Converted usage of ugettext* functions to their gettext* aliasesClaude Paroz
Thanks Tim Graham for the review.
2017-01-20Refs #23919 -- Removed django.utils._os.upath()/npath()/abspathu() usage.Tim Graham
These functions do nothing on Python 3.
2017-01-19Refs #23919 -- Stopped inheriting from object to define new style classes.Simon Charette
2017-01-18Refs #23919 -- Stopped using django.utils.lru_cache().Aymeric Augustin
2017-01-18Refs #23919 -- Removed six.<various>_types usageClaude Paroz
Thanks Tim Graham and Simon Charette for the reviews.
2017-01-18Refs #23919 -- Removed encoding preambles and future importsClaude Paroz
2016-11-16Fixed #27467 -- Made UserAttributeSimilarityValidator max_similarity=0/1 ↵Tim Graham
work as documented. Thanks goblinJoel for the report and feedback.
2016-11-14Fixed E305 flake8 warnings.Ramin Farajpour Cami
2016-09-17Refs #27025 -- Fixed "invalid escape sequence" warnings in Python 3.6.Tim Graham
http://bugs.python.org/issue27364
2016-08-10Fixed #26909 -- Allowed UserAttributeSimilarityValidator to validate against ↵Andrew Nester
model properties.
2016-08-04Fixed #27020 -- Used a context manager to close files.Ville Skyttä
2016-05-07Fixed #26544 -- Delayed translations of SetPasswordForm help_textsClaude Paroz
Thanks Michael Bitzi for the reporti and Tim Graham for the review.
2015-10-10Pluralized translatable strings in password_validation.pyClaude Paroz
Forward port of 86dc4889f from master.
2015-09-28Refs #16860 -- Fixed password help text when there aren't any validators.Antoine Catton
This avoids creating an empty list which is invalid HTML 4.
2015-06-16Refs #16860 -- Fixed a resource and deprecation warning in password validation.Tim Graham
2015-06-10Refs #16860 -- Minor edits and fixes to password validation.Tim Graham
2015-06-07Fixed #16860 -- Added password validation to django.contrib.auth.Erik Romijn