Opened 13 years ago
Last modified 9 years ago
#16860 closed New feature
Provide hooks for password policy — at Version 1
Reported by: | Paul McMillan | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | cmawebsite@… | Triage Stage: | Accepted |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description (last modified by )
While it is possible to change the validation for new passwords by subclassing the form, I think that Django should provide a more friendly interface for this. We should have a pluggable password authentication framework which enforces no rules by default, but comes with several reasonable example policies which may be enabled.
Problems to be solved include:
- Informing the user of the various password requirements
- Allowing policies to chain together smoothly
- Provide flexibility for complex requirements (some may include their own models)
- Backwards compatibility
- Javascript validation assistance (someday, maybe?)
- HTML5 support (i.e. the pattern attribute)
- Support for various rate-limiting and lockout schemes
- support for adding captchas (maybe)
Note:
See TracTickets
for help on using tickets.