Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Enable password validators to avoid users chosing weak passwords
- password can’t be too similar to your other personal information.
- password must contain at least 10 characters.
- password can’t be a commonly used password.
- password can’t be entirely numeric.

Existing users are advised to reset their passwords!
  • Loading branch information
atodorov committed Jan 1, 2023
1 parent eb30647 commit 802ee50
Showing 1 changed file with 19 additions and 0 deletions.
19 changes: 19 additions & 0 deletions tcms/settings/common.py
Expand Up @@ -92,6 +92,25 @@
# handler!
AUTO_APPROVE_NEW_USERS = True

# Password validation rules, see
# https://docs.djangoproject.com/en/4.1/topics/auth/passwords/#enabling-password-validation
AUTH_PASSWORD_VALIDATORS = [
{
"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
},
{
"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator",
"OPTIONS": {
"min_length": 10,
},
},
{
"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator",
},
{
"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator",
},
]

# Set to False if you want to enforce account creation by admins.
REGISTRATION_ENABLED = (
Expand Down

0 comments on commit 802ee50

Please sign in to comment.