Opened 8 years ago

Last modified 4 years ago

#16860 closed New feature

Provide hooks for password policy — at Version 1

Reported by: Paul McMillan Owned by: nobody
Component: contrib.auth Version: master
Severity: Normal Keywords:
Cc: cmawebsite@… Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Paul McMillan)

While it is possible to change the validation for new passwords by subclassing the form, I think that Django should provide a more friendly interface for this. We should have a pluggable password authentication framework which enforces no rules by default, but comes with several reasonable example policies which may be enabled.

Problems to be solved include:

  • Informing the user of the various password requirements
  • Allowing policies to chain together smoothly
  • Provide flexibility for complex requirements (some may include their own models)
  • Backwards compatibility
  • Javascript validation assistance (someday, maybe?)
  • HTML5 support (i.e. the pattern attribute)
  • Support for various rate-limiting and lockout schemes
  • support for adding captchas (maybe)

Change History (1)

comment:1 Changed 8 years ago by Paul McMillan

Description: modified (diff)
Note: See TracTickets for help on using tickets.
Back to Top