Opened 3 years ago

Last modified 3 years ago

#16860 new New feature

Provide hooks for password policy

Reported by: PaulM Owned by: nobody
Component: contrib.auth Version: 1.3
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by PaulM)

While it is possible to change the validation for new passwords by subclassing the form, I think that Django should provide a more friendly interface for this. We should have a pluggable password authentication framework which enforces no rules by default, but comes with several reasonable example policies which may be enabled.

Problems to be solved include:

  • Informing the user of the various password requirements
  • Allowing policies to chain together smoothly
  • Provide flexibility for complex requirements (some may include their own models)
  • Backwards compatibility
  • Javascript validation assistance (someday, maybe?)
  • HTML5 support (i.e. the pattern attribute)
  • Support for various rate-limiting and lockout schemes
  • support for adding captchas (maybe)

Attachments (0)

Change History (1)

comment:1 Changed 3 years ago by PaulM

  • Description modified (diff)

Add Comment

Modify Ticket

Change Properties
<Author field>
as new
The owner will be changed from nobody to anonymous. Next status will be 'assigned'
as The resolution will be set. Next status will be 'closed'

E-mail address and user name can be saved in the Preferences.

Note: See TracTickets for help on using tickets.