django-password-policies uses settings to customize the behaviour of this application. While it provides useful defaults, each of the following attributes can be set individually for a project by adding the attribute and its new value to the project’s settings file:
Bases: easysettings.AppSettings
Default settings for django-password-policies.
Determines whether the PasswordChangeMiddleware should ignore the logout views, allowing the user to log out even if a password change is required.
A list of raw strings representing paths to ignore while checking if a user has to change his/her password.
Determines which fields should be searched upon in the admin change list of the PasswordChangeRequired
Don’t log the person out in the middle of a session. Only do the checks at login time.
Determines after how many seconds a check shall be performed if the user’s password has expired.
Defaults to 1 hour.
Specifies a list of common sequences to attempt to match a password against.
Specifies the location of a dictionary (file with one word per line). Could be “/usr/share/dict/words”.
Used by the DictionaryValidator.
The minimum distance (difference) required between the old and the new password. A positive integer. Values greater than 1 are recommended.
A value of 0 disables password similarity verification.
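The minimum-distance rule above, as an added example that is not part of django-password-policies. It assumes the distance is a Levenshtein edit distance and that a change is accepted when the distance is at least the configured minimum; the function names and sample passwords are constructed for illustration.

```python
def edit_distance(old, new):
    """Levenshtein distance: inserts, deletes and substitutions of one character."""
    previous = list(range(len(new) + 1))
    for i, old_char in enumerate(old, start=1):
        current = [i]
        for j, new_char in enumerate(new, start=1):
            current.append(min(
                previous[j] + 1,                           # delete old_char
                current[j - 1] + 1,                        # insert new_char
                previous[j - 1] + (old_char != new_char),  # substitute or keep
            ))
        previous = current
    return previous[-1]


def is_different_enough(old, new, min_distance):
    """Assumed rule: accept when distance >= min_distance; 0 disables the check."""
    if min_distance < 0:
        raise ValueError("min_distance must be 0 or a positive integer")
    if min_distance == 0:
        return True
    return edit_distance(old, new) >= min_distance


# Constructed sample password changes (old, new), not taken from any real system.
SAMPLE_CHANGES = [
    ("Summer2023!", "Summer2024!"),   # one digit bumped
    ("Summer2023!", "Summer2023!1"),  # one character appended
    ("Summer2023!", "summer2023?"),   # case flip plus symbol swap
    ("Summer2023!", "Winter#2024"),   # mostly rewritten
]


def accepted_changes(min_distance):
    """Return the sample changes that a given minimum distance lets through."""
    return [pair for pair in SAMPLE_CHANGES if is_different_enough(*pair, min_distance)]


if __name__ == "__main__":
    for minimum in (0, 1, 2, 3):
        print(minimum, [new for _, new in accepted_changes(minimum)])
```

With a minimum of 1, every sample change passes, including the bumped digit and the appended character; only larger values reject these near-identical rotations.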
Determines after how many seconds a user is forced to change his/her password.
Defaults to 60 days.
Determines which fields should be searched upon in the admin change list of the PasswordHistory
Specifies the number of user’s previous passwords to remember when the password history is being used.
Defaults to 10 entries.
Specifies how close a fuzzy match has to be in order to be considered a match.
Used by the CommonSequenceValidator.
Specifies the maximum amount of consecutive characters allowed in passwords.
Used by the ConsecutiveCountValidator.
Specifies the maximum length for passwords.
Used by the PasswordPoliciesField.
Specifies the minimum entropy of long passwords (len(password) >= 100).
Used by the EntropyValidator.
Specifies the minimum entropy of short passwords (len(password) < 100).
Used by the EntropyValidator.
Specifies the minimum length for passwords.
Used by the PasswordPoliciesField.
Specifies the minimum amount of required letters in a password.
Used by LetterCountValidator.
Specifies the minimum amount of required numbers in a password.
Used by the NumberCountValidator.
Specifies the minimum amount of required symbols in a password.
Used by SymbolCountValidator.
Determines whether to validate passwords using the CracklibValidator.
Determines whether to use the password history.
A list of project-specific words to check a password against.
Used by the DictionaryValidator.
If a password has expired and the user tries to visit any page, a redirect is issued. By default, the URL the user wanted to visit is remembered and stored as a query string parameter called “next”. If you would prefer to use a different name for this parameter, the PasswordChangeFormView takes an optional redirect_field_name keyword argument:

    from django.conf.urls import url
    from password_policies.views import PasswordChangeFormView
    # Entry for urlpatterns; Django matches patterns without the leading slash.
    url(r'^password_change/$',
        PasswordChangeFormView.as_view(redirect_field_name='previous'),
        name="password_change"),

Note that if you provide a value to redirect_field_name, you will most likely need to customize your PasswordChangeFormView template as well, since the template context variable which stores the redirect path will use the value of redirect_field_name as its key rather than “next” (the default).
A path to a template to generate a 403 error page in the root of the template directory.