search

sio2project / oioioi

GNU General Public License v3.0
160 stars 70 forks source link

Added password validation #262

Closed BrutBurger closed 10 months ago

BrutBurger commented 10 months ago

According to FRI privacy policy passwords needs to have:

min 8 characters contain a lowercase and uppercase letter, as well as digit and special character

This PR covers that issue. For it to work, the following needs to be added to the settings.py:

AUTH_PASSWORD_VALIDATORS = [ { "NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", "OPTIONS": { "min_length": 8, }, }, {'NAME': 'oioioi.base.validators.NumberValidator', }, {'NAME': 'oioioi.base.validators.UppercaseValidator', }, {'NAME': 'oioioi.base.validators.LowercaseValidator', }, {'NAME': 'oioioi.base.validators.SymbolValidator', }, ]

DietPawel commented 10 months ago

@twalen That is exactly what I pointed out. I even gave them an example of quo8UaQuie3Mie9ahwoo and O1impi@da. It is all about possible combinations and entropy. Enforcing use of special characters lowers no of possible password. Unfortunately changing to sensible requirements would mean altering the official policy and arguing with GDPR officer.