This password is easy to guess add another word or two uncommon words are better


The only user with a decent password

[screenshot]

@topics: games, exapunks

# mypy: ignore-errors
import logging

try:
    from django.utils.translation import gettext_lazy as _
except ImportError:
    from django.utils.translation import ugettext_lazy as _

LOGGER = logging.getLogger(__file__)


def translate_zxcvbn_text(text):
    """This PR would make it cleaner, but it will also be very slow
    to be integrated in python-zxcvbn and we want this to work now :
    https://github.com/dropbox/zxcvbn/pull/124"""
    i18n = {
        "Use a few words, avoid common phrases": _(
            "Use a few words, avoid common phrases"
        ),
        "No need for symbols, digits, or uppercase letters": _(
            "No need for symbols, digits, or uppercase letters"
        ),
        "Add another word or two. Uncommon words are better.": _(
            "Add another word or two. Uncommon words are better."
        ),
        "Straight rows of keys are easy to guess": _(
            "Straight rows of keys are easy to guess"
        ),
        "Short keyboard patterns are easy to guess": _(
            "Short keyboard patterns are easy to guess"
        ),
        "Use a longer keyboard pattern with more turns": _(
            "Use a longer keyboard pattern with more turns"
        ),
        'Repeats like "aaa" are easy to guess': _(
            'Repeats like "aaa" are easy to guess'
        ),
        'Repeats like "abcabcabc" are only slightly harder to guess than "abc"': _(
            'Repeats like "abcabcabc" are only slightly harder to guess than "abc"'
        ),
        "Avoid repeated words and characters": _("Avoid repeated words and characters"),
        'Sequences like "abc" or "6543" are easy to guess': _(
            'Sequences like "abc" or "6543" are easy to guess'
        ),
        "Avoid sequences": _("Avoid sequences"),
        "Recent years are easy to guess": _("Recent years are easy to guess"),
        "Avoid recent years": _("Avoid recent years"),
        "Avoid years that are associated with you": _(
            "Avoid years that are associated with you"
        ),
        "Dates are often easy to guess": _("Dates are often easy to guess"),
        "Avoid dates and years that are associated with you": _(
            "Avoid dates and years that are associated with you"
        ),
        "This is a top-10 common password": _("This is a top-10 common password"),
        "This is a top-100 common password": _("This is a top-100 common password"),
        "This is a very common password": _("This is a very common password"),
        "This is similar to a commonly used password": _(
            "This is similar to a commonly used password"
        ),
        "A word by itself is easy to guess": _("A word by itself is easy to guess"),
        "Names and surnames by themselves are easy to guess": _(
            "Names and surnames by themselves are easy to guess"
        ),
        "Common names and surnames are easy to guess": _(
            "Common names and surnames are easy to guess"
        ),
        "Capitalization doesn't help very much": _(
            "Capitalization doesn't help very much"
        ),
        "All-uppercase is almost as easy to guess as all-lowercase": _(
            "All-uppercase is almost as easy to guess as all-lowercase"
        ),
        "Reversed words aren't much harder to guess": _(
            "Reversed words aren't much harder to guess"
        ),
        "Predictable substitutions like '@' instead of 'a' don't help very much": _(
            "Predictable substitutions like '@' instead of 'a' don't help very much"
        ),
    }
    translated_text = i18n.get(text)
    if translated_text is None:
        # zxcvbn is inconsistent, sometime there is a dot, sometime not
        translated_text = i18n.get(text[:-1])
    if translated_text is None:
        LOGGER.warning(
            "No translation for '%s' or '%s', update the generatei18ndict command.",
            text,
            text[:-1],
        )
        return text
    return translated_text


def translate_zxcvbn_time_estimate(text):
    def replace_dict(text, times):
        for original, translated in times.items():
            text = text.replace(original, str(translated))
        return text

    if text == "less than a second":
        return _("less than a second")
    text = text.replace("centuries", str(_("centuries")))
    plural_times = {
        "seconds": _("seconds"),
        "minutes": _("minutes"),
        "hours": _("hours"),
        "days": _("days"),
        "months": _("months"),
        "years": _("years"),
    }
    times = {
        "second": _("second"),
        "minute": _("minute"),
        "hour": _("hour"),
        "day": _("day"),
        "month": _("month"),
        "year": _("year"),
    }
    # Plural first to avoid replacing "hours" by _("hour") + s
    # Adding an 's' does not mean plural in every language
    text = replace_dict(text, plural_times)
    text = replace_dict(text, times)
    return text

This is a translatable password validator for django, based on zxcvbn-python and available with pip. zxcvbn is a password strength estimator inspired by password crackers. It makes it possible to avoid forcing users to choose a password with one upper case letter, one special character and a number, while still checking the password strength and providing input to help the user choose a password.

The project is available here on GitHub, and the package is on PyPI here.

I check the code with the pre-commit framework, using black, isort, flake8 and pylint as git hooks. I’m testing it with tox and coverage locally, and I set up travis and codacy online. The translation is done with django-rosetta. I tried to make a clear readme with examples to explain what the package does in detail; there are also tests covering the code base entirely.

I would be really interested in remarks about the whole project, code, tests, documentation, tooling, set up, design, complexity to onboard, and basically everything around the project that could make it better.

But that is a lot to review, so here is the main part of the code:

from django.conf import settings
from django.core.exceptions import ImproperlyConfigured, ValidationError
from django.utils.translation import ugettext_lazy as _
from zxcvbn import zxcvbn

from django_zxcvbn_password_validator.settings import DEFAULT_MINIMAL_STRENGTH
from django_zxcvbn_password_validator.translate_zxcvbn_text import (
    translate_zxcvbn_text,
    translate_zxcvbn_time_estimate,
)


class ZxcvbnPasswordValidator:
    def __init__(self, min_length=1, zxcvbn_implementation=zxcvbn):
        self.min_length = min_length
        self.zxcvbn_implementation = zxcvbn_implementation
        password_minimal_strength = getattr(settings, "PASSWORD_MINIMAL_STRENGTH", None)
        if password_minimal_strength is None:
            # Compatibility with a typo in previous version.
            password_minimal_strength = getattr(
                settings, "PASSWORD_MINIMAL_STRENTH", None
            )
        if password_minimal_strength is None:
            password_minimal_strength = DEFAULT_MINIMAL_STRENGTH
        self.password_minimal_strength = password_minimal_strength
        self.__check_password_minimal_strength()

    def __check_password_minimal_strength(self):
        error_msg = "ZxcvbnPasswordValidator need an integer between 0 and 4 "
        error_msg += "for PASSWORD_MINIMAL_STRENGTH in the settings."
        try:
            not_an_int = (
                int(self.password_minimal_strength) != self.password_minimal_strength
            )
        except (TypeError, ValueError):
            # int() raises TypeError, not ValueError, for values such as lists.
            not_an_int = True
        if not_an_int:
            error_msg += f" (not '{self.password_minimal_strength}', "
            error_msg += f"a {self.password_minimal_strength.__class__.__name__})"
            raise ImproperlyConfigured(error_msg)
        if self.password_minimal_strength < 0 or self.password_minimal_strength > 4:
            error_msg += f" ({self.password_minimal_strength} is not in [0,4])"
            raise ImproperlyConfigured(error_msg)

    def validate(self, password, user=None):
        def append_translated_feedback(old_feedbacks, feedback_type, new_feedbacks):
            if new_feedbacks:
                if isinstance(new_feedbacks, str):
                    new_feedbacks = [new_feedbacks]
                for new_feedback in new_feedbacks:
                    old_feedbacks.append(
                        f"{feedback_type} : {translate_zxcvbn_text(new_feedback)}"
                    )

        user_inputs = []
        if user:
            for value in user.__dict__.values():
                user_inputs.append(value)
        results = self.zxcvbn_implementation(password, user_inputs=user_inputs)
        password_strength = results["score"]
        if password_strength < self.password_minimal_strength:
            crack_time = results["crack_times_display"]
            offline_time = crack_time["offline_slow_hashing_1e4_per_second"]
            feedbacks = [
                "{} {}".format(
                    _("Your password is too guessable :"),
                    _("It would take an offline attacker %(time)s to guess it.")
                    % {"time": translate_zxcvbn_time_estimate(offline_time)},
                )
            ]
            append_translated_feedback(
                feedbacks, _("Warning"), results["feedback"]["warning"]
            )
            append_translated_feedback(
                feedbacks, _("Advice"), results["feedback"]["suggestions"]
            )
            raise ValidationError(feedbacks)

    def get_help_text(self):
        expectations = _("We expect")
        if self.password_minimal_strength == 0:
            expectations += " {}".format(
                _("nothing: you can use any password you want.")
            )
            return expectations
        expectations += " {}".format(_("a password that cannot be guessed"))
        hardness = {
            1: _("by your familly or friends."),
            2: _("by attackers online."),
            3: _("without access to our database."),
            4: _("without a dedicated team and an access to our database."),
        }
        expectations += " {}".format(hardness.get(self.password_minimal_strength))
        return "{} {} {} {}".format(
            _("There is no specific rule for a great password,"),
            _("however if your password is too easy to guess,"),
            _("we will tell you how to make a better one."),
            expectations,
        )

Translation is done here :

import logging

from django.utils.translation import ugettext_lazy as _

LOGGER = logging.getLogger(__file__)


def translate_zxcvbn_text(text):
    """ This PR would make it cleaner, but it will also be very slow
    to be integrated in python-zxcvbn and we want this to work now :
    https://github.com/dropbox/zxcvbn/pull/124 """
    i18n = {
        "Use a few words, avoid common phrases": _(
            "Use a few words, avoid common phrases"
        ),
        "No need for symbols, digits, or uppercase letters": _(
            "No need for symbols, digits, or uppercase letters"
        ),
        "Add another word or two. Uncommon words are better.": _(
            "Add another word or two. Uncommon words are better."
        ),
        "Straight rows of keys are easy to guess": _(
            "Straight rows of keys are easy to guess"
        ),
        "Short keyboard patterns are easy to guess": _(
            "Short keyboard patterns are easy to guess"
        ),
        "Use a longer keyboard pattern with more turns": _(
            "Use a longer keyboard pattern with more turns"
        ),
        'Repeats like "aaa" are easy to guess': _(
            'Repeats like "aaa" are easy to guess'
        ),
        'Repeats like "abcabcabc" are only slightly harder to guess than "abc"': _(
            'Repeats like "abcabcabc" are only slightly harder to guess than "abc"'
        ),
        "Avoid repeated words and characters": _("Avoid repeated words and characters"),
        'Sequences like "abc" or "6543" are easy to guess': _(
            'Sequences like "abc" or "6543" are easy to guess'
        ),
        "Avoid sequences": _("Avoid sequences"),
        "Recent years are easy to guess": _("Recent years are easy to guess"),
        "Avoid recent years": _("Avoid recent years"),
        "Avoid years that are associated with you": _(
            "Avoid years that are associated with you"
        ),
        "Dates are often easy to guess": _("Dates are often easy to guess"),
        "Avoid dates and years that are associated with you": _(
            "Avoid dates and years that are associated with you"
        ),
        "This is a top-10 common password": _("This is a top-10 common password"),
        "This is a top-100 common password": _("This is a top-100 common password"),
        "This is a very common password": _("This is a very common password"),
        "This is similar to a commonly used password": _(
            "This is similar to a commonly used password"
        ),
        "A word by itself is easy to guess": _("A word by itself is easy to guess"),
        "Names and surnames by themselves are easy to guess": _(
            "Names and surnames by themselves are easy to guess"
        ),
        "Common names and surnames are easy to guess": _(
            "Common names and surnames are easy to guess"
        ),
        "Capitalization doesn't help very much": _(
            "Capitalization doesn't help very much"
        ),
        "All-uppercase is almost as easy to guess as all-lowercase": _(
            "All-uppercase is almost as easy to guess as all-lowercase"
        ),
        "Reversed words aren't much harder to guess": _(
            "Reversed words aren't much harder to guess"
        ),
        "Predictable substitutions like '@' instead of 'a' don't help very much": _(
            "Predictable substitutions like '@' instead of 'a' don't help very much"
        ),
    }
    translated_text = i18n.get(text)
    if translated_text is None:
        # zxcvbn is inconsistent, sometime there is a dot, sometime not
        translated_text = i18n.get(text[:-1])
    if translated_text is None:
        LOGGER.warning(
            "No translation for '%s' or '%s', update the generatei18ndict command.",
            text,
            text[:-1],
        )
        return text
    return translated_text


def translate_zxcvbn_time_estimate(text):
    def replace_dict(text, times):
        for original, translated in times.items():
            text = text.replace(original, str(translated))
        return text

    if text == "less than a second":
        return _("less than a second")
    text = text.replace("centuries", str(_("centuries")))
    plural_times = {
        "seconds": _("seconds"),
        "minutes": _("minutes"),
        "hours": _("hours"),
        "days": _("days"),
        "months": _("months"),
        "years": _("years"),
    }
    times = {
        "second": _("second"),
        "minute": _("minute"),
        "hour": _("hour"),
        "day": _("day"),
        "month": _("month"),
        "year": _("year"),
    }
    # Plural first to avoid replacing "hours" by _("hour") + s
    # Adding an 's' does not mean plural in every language
    text = replace_dict(text, plural_times)
    text = replace_dict(text, times)
    return text

This part of the code is mostly generated by the following management command (done in case zxcvbn adds or removes strings, so it’s easier to make a new translation):

# -*- coding: utf-8 -*-

from django.core.management.base import BaseCommand


class Command(BaseCommand):

    help = "Will generate what the i18n dict for the translate_zxcvbn_text function"

    def handle(self, *args, **options):
        existings_messages = [
            "Use a few words, avoid common phrases",
            "No need for symbols, digits, or uppercase letters",
            "Add another word or two. Uncommon words are better.",
            "Straight rows of keys are easy to guess",
            "Short keyboard patterns are easy to guess",
            "Use a longer keyboard pattern with more turns",
            'Repeats like "aaa" are easy to guess',
            'Repeats like "abcabcabc" are only slightly harder to guess than "abc"',
            "Avoid repeated words and characters",
            'Sequences like "abc" or "6543" are easy to guess',
            "Avoid sequences",
            "Recent years are easy to guess",
            "Avoid recent years",
            "Avoid years that are associated with you",
            "Dates are often easy to guess",
            "Avoid dates and years that are associated with you",
            "This is a top-10 common password",
            "This is a top-100 common password",
            "This is a very common password",
            "This is similar to a commonly used password",
            "A word by itself is easy to guess",
            "Names and surnames by themselves are easy to guess",
            "Common names and surnames are easy to guess",
            "Capitalization doesn't help very much",
            "All-uppercase is almost as easy to guess as all-lowercase",
            "Reversed words aren't much harder to guess",
            "Predictable substitutions like '@' instead of 'a' don't help very much",
        ]
        # Build the dict literal line by line so it can be pasted as-is.
        msg = "    i18n = {\n"
        for message in existings_messages:
            # Escape single quotes, since each message is emitted inside '...'.
            message = message.replace("'", "\\'")
            msg += f"        '{message}': _('{message}'),\n"
        msg += "    }\n"
        msg += "Please copy paste the following in the translate_zxcvbn_text function,"
        msg += " then use 'python manage.py makemessages'."
        print(msg)

This is the whole code, everything else is either tests, documentation or packaging.

Thank you in advance for any remarks or advice!
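An added example, not part of the original post or the package: it replays the sequential `str.replace` strategy of `translate_zxcvbn_time_estimate` against a constructed French catalogue to show that a translated plural can itself contain an English unit and be rewritten a second time, then performs the substitution in one regex pass. `FRENCH` is a plain dict standing in for gettext, and `sequential_replace` and `single_pass_replace` are hypothetical names.

```python
import re

# Constructed French catalogue: a plain dict standing in for gettext lookups.
FRENCH = {
    "less than a second": "moins d'une seconde",
    "centuries": "des siècles",
    "seconds": "secondes", "second": "seconde",
    "minutes": "minutes", "minute": "minute",
    "hours": "heures", "hour": "heure",
    "days": "jours", "day": "jour",
    "months": "mois", "month": "mois",
    "years": "ans", "year": "an",
}

PLURALS = ("seconds", "minutes", "hours", "days", "months", "years")
SINGULARS = ("second", "minute", "hour", "day", "month", "year")


def sequential_replace(text, catalogue):
    """Same strategy as the posted function: str.replace passes, plurals first."""
    if text == "less than a second":
        return catalogue.get(text, text)
    text = text.replace("centuries", catalogue.get("centuries", "centuries"))
    for unit in PLURALS + SINGULARS:
        # Each pass rescans text that earlier passes already translated.
        text = text.replace(unit, catalogue.get(unit, unit))
    return text


# Whole-word alternation, plurals listed before singulars.
_UNIT = re.compile(r"\b(?:%s)\b" % "|".join(("centuries",) + PLURALS + SINGULARS))


def single_pass_replace(text, catalogue):
    """Translate each English unit exactly once; the output is never rescanned."""
    if text == "less than a second":
        return catalogue.get(text, text)
    # Unknown units fall back to the English word instead of raising.
    return _UNIT.sub(lambda m: catalogue.get(m.group(0), m.group(0)), text)


if __name__ == "__main__":
    # Sample strings in the shape of zxcvbn's crack_times_display values.
    for sample in ("less than a second", "3 seconds", "1 hour", "5 months", "centuries"):
        print(f"{sample!r:22} sequential={sequential_replace(sample, FRENCH)!r:24} "
              f"single-pass={single_pass_replace(sample, FRENCH)!r}")
```

With this catalogue the sequential version turns "3 seconds" into "3 secondees", because "secondes" still contains the English token "second" when the singular pass runs.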

Hi Everyone,

Over the past year we have all gotten more dependent on our computers to live our lives. So let’s talk about those pesky little things called passwords.


So, let’s begin by reviewing some related vocabulary. Please fill in the sentences below with the correct words from the box:

complex default hack security
software strong technology weak
  1. This password is easy to guess; it’s _______________________________________.
  2. This password is difficult to guess; it’s _________________________________.
  3. This password is not simple: it’s _________________________.
  4. You use this password when you start using a new computer for the first time; it’s a ______________________ password.
  5. People need to make sure the information on their computers is safe; they need good ___________________.
  6. Attackers are people who _____________________ a computer to find private information.
  7. The information __________________ (IT) department helps a company with their computers.
  8. A computer program that gives the computer instructions is called ________________________.

Check out the answers below:

1 weak
2 strong
3 complex
4 default
5 security
6 hack
7 technology
8 software

Do you ever have problems remembering your passwords??


Next, we are going to read an article about strong passwords. Before we read it, please decide if the following statements are True (T) or False (F):

1. Complex passwords are better than simple passwords.

2. You should change your default password.

3. If you can’t remember your password, you should store it on your computer as a plain text file, for example, in a Word document.

4. It is better to create lots of different passwords for different websites.

5. Companies should have more relaxed rules about how customers create passwords.

6. Password management software is completely safe.

Ok, let’s read the article.

Do we really need strong passwords?

A way to know

  1. Complex passwords don’t usually stop attackers, but
    they make everyday life much more difficult for
    computer users, says the UK security agency GCHQ.
    They recommend using a simpler approach.
  2. GCHQ gives some helpful advice for people who
    work in IT, as well as normal users. They warn people
    not to keep their default passwords. They also say
    that people should avoid storing passwords as plain
    text because other people, including attackers, can
    easily read these documents.
  3. The organization says we should stop using too many
    complex passwords if we don’t want to suffer from
    “password overload”. This is what happens when
    people create too many long passwords for different
    websites and write them down so they can remember
    them. Writing down passwords is unsafe.
  4. People often use complex passwords because of
    organizations’ rules. For example, to be considered
    “strong”, passwords must be a certain length or
    include numbers or special characters, like ! or *.
    Companies should allow people to use their own
    simpler passwords.
  5. These simple passwords might consist of just three
    short words, for example. Or people could consider
    using password managers, software that creates
    and stores passwords. The passwords might be
    complex, but people will never need to remember
    them because their computer will do that for them.
    Computers don’t mind storing and remembering
    complex passwords – it’s what they’re designed to do.
  6. The report says that software password managers
    can help, but, like all security software, they can be
    hacked and are an attractive target for attackers.

Once you’ve read the article, take another look at those T/F statements. Here are the answers:

1. F – Complex passwords don’t usually stop attackers, but they make everyday life much more difficult for computer users…

2. T – They warn people not to keep their default passwords.

3. F – … people should avoid storing passwords as plain text because other people, including attackers, can easily read these documents.

4. F – …we should stop using too many complex passwords if we don’t want to suffer from “password overload”.

5. T – Companies should allow people to use their own simpler passwords.

6. F – …software password managers can help, but… they can be hacked and are an attractive target for attackers.

So it looks like we need strong passwords for better security on the internet and to protect our information. To make a password stronger, many websites ask people to use letters, numbers, and special characters. We also use these special characters for website addresses.

Password Must Contain Special Characters

Match the characters with their names.

Character    Name
1. .         a. at
2. /         b. back slash
3. \         c. dash
4. @         d. dot
5. –         e. double u
6. _         f. forward slash
7. w         g. underscore

Check out the answers below:

Character    Name
1. .         d. dot
2. /         f. forward slash
3. \         b. back slash
4. @         a. at
5. –         c. dash
6. _         g. underscore
7. w         e. double u

For some more practice using these special characters read these URLs and email addresses:

http://www.amazon.com

http://www.travel-abroad.co

http://www.example.com/mail

http://www.food.net/greek_food.html

tony@gmail.com

http://www.learn-english.com/grammar

So, keep your passwords strong with some special characters to make your passwords truly unique!

Hope you are all staying safe and healthy, and remember to relax and practice!

Enjoy this last weekend in February!
