Fixed #29274 -- Increased the number of common passwords from 1k to 20k.

GS-14 2018-04-10 12:02:03 -04:00 committed by Tim Graham
parent 60156750f6
commit 93331877c8
3 changed files with 9 additions and 5 deletions

@ -162,8 +162,8 @@ class CommonPasswordValidator:
Validate whether the password is a common password.
The password is rejected if it occurs in a provided list, which may be gzipped.
The list Django ships with contains 1000 common passwords, created by Mark Burnett:
https://xato.net/passwords/more-top-worst-passwords/
The list Django ships with contains 20000 common passwords, created by
Royce Williams: https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7
"""
DEFAULT_PASSWORD_LIST_PATH = os.path.join(
os.path.dirname(os.path.realpath(__file__)), 'common-passwords.txt.gz'
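Review bot: the new docstring line cites a bare gist URL with no revision, so the reference for the shipped 'common-passwords.txt.gz' can be edited or removed after this lands, which makes the list's provenance harder to audit later. Point it at a revision-pinned gist permalink or an archived snapshot instead.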

@ -491,7 +491,7 @@ This example enables all four included validators:
eight.
* ``CommonPasswordValidator``, which checks whether the password occurs in a
list of common passwords. By default, it compares to an included list of
1000 common passwords.
20,000 common passwords.
* ``NumericPasswordValidator``, which checks whether the password isn't
entirely numeric.
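Review bot: the count in the ``CommonPasswordValidator`` bullet is written "20,000" here while the validator docstring in the same change says "20000". Use one form in both places so a search for the figure finds every copy the next time the list is replaced.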
@ -531,13 +531,17 @@ Django includes four validators:
Validates whether the password is not a common password. This converts the
password to lowercase (to do a case-insensitive comparison) and checks it
against a list of 1000 common password created by `Mark Burnett
<https://web.archive.org/web/20150315154609/https://xato.net/passwords/more-top-worst-passwords/>`_.
against a list of 20,000 common password created by `Royce Williams
<https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7>`_.
The ``password_list_path`` can be set to the path of a custom file of
common passwords. This file should contain one lowercase password per line
and may be plain text or gzipped.
.. versionchanged:: 2.1
In older versions, a list of 1,000 common passwords is used.
.. class:: NumericPasswordValidator()
Validates whether the password is not entirely numeric.
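Review bot: the added line "against a list of 20,000 common password created by `Royce Williams" keeps the singular "password" from the line it replaces; it should read "common passwords". In the ``versionchanged`` note, "is used" reads better as "was used", and it would help to say there that the larger list can reject passwords that earlier versions accepted, since that is the behaviour change upgraders will notice.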