Adding a module that checks password hashes against the haveibeenpwned.com API to make sure publicly known passwords cannot be set in Odoo and cannot be used to log in anymore. The user is forced to use password reset upon login if it is enabled, an email is sent to him (if auth_signup is installed) or he has to contact an admin to ensure a safe password change.
This is still work in progress. Feedback welcome.
Planned tasks (next week):
[ ] adding tests
[ ] remove password_security changes and move them into a separate module (to be added later)
Further reading:
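
One way a hash check like the one described above can be done without the password or its full hash leaving the server, using the Pwned Passwords range (k-anonymity) endpoint. This is an added example, not code from this module; the function names are hypothetical, and that the module uses the range endpoint is an assumption.

```python
import hashlib
import urllib.request

# Public k-anonymity endpoint of the Pwned Passwords service.
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password):
    """Return (prefix, suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    # Only the 5-character prefix is ever sent; the suffix stays local.
    return digest[:5], digest[5:]


def count_in_range(body, suffix):
    """Parse a range response ("SUFFIX:COUNT" per line) and return the count."""
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if not sep or not count.strip().isdigit():
            continue  # skip blank or malformed lines
        if candidate.upper() == suffix.upper():
            return int(count)  # padding entries carry a count of 0
    return 0


def fetch_range(prefix, timeout=5):
    """Fetch all known suffixes for a 5-character prefix (network call)."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        # Add-Padding makes response sizes uniform; padded rows have count 0.
        headers={"Add-Padding": "true", "User-Agent": "pwned-check-example"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def is_pwned(password, fetch=fetch_range):
    """True if the password's hash suffix is listed with a non-zero count."""
    prefix, suffix = split_hash(password)
    return count_in_range(fetch(prefix), suffix) > 0
```

The `fetch` parameter lets the lookup be replaced in tests, so the parsing and matching logic can be exercised without network access.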