Fixed #34056 -- Updated the list of common passwords for CommonPasswordValidator.

This commit is contained in:
Paolo Melchiorre 2022-09-28 11:27:10 +02:00 committed by Mariusz Felisiak
parent 10bb21e71e
commit fa3afc5d86
4 changed files with 9 additions and 3 deletions

View File

@ -221,7 +221,7 @@ class CommonPasswordValidator:
The password is rejected if it occurs in a provided list of passwords,
which may be gzipped. The list Django ships with contains 20000 common
passwords (lowercased and deduplicated), created by Royce Williams:
https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7
https://gist.github.com/roycewilliams/226886fd01572964e1431ac8afc999ce
The password list must be lowercased to match the comparison in validate().
"""

View File

@ -274,7 +274,8 @@ Utilities
Validators
~~~~~~~~~~
* ...
* The list of common passwords used by ``CommonPasswordValidator`` is updated
to the most recent version.
.. _backwards-incompatible-4.2:

View File

@ -615,12 +615,17 @@ Django includes four validators:
Validates that the password is not a common password. This converts the
password to lowercase (to do a case-insensitive comparison) and checks it
against a list of 20,000 common password created by `Royce Williams
<https://gist.github.com/roycewilliams/281ce539915a947a23db17137d91aeb7>`_.
<https://gist.github.com/roycewilliams/226886fd01572964e1431ac8afc999ce>`_.
The ``password_list_path`` can be set to the path of a custom file of
common passwords. This file should contain one lowercase password per line
and may be plain text or gzipped.
.. versionchanged:: 4.2
The list of 20,000 common passwords was updated to the most recent
version.
.. class:: NumericPasswordValidator()
Validate that the password is not entirely numeric.