Created
February 10, 2018 12:37
-
-
Save ceoro9/fd90e799c9a67d40422dee9bfc4fc4be to your computer and use it in GitHub Desktop.
Fetch all password validators and check password
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
def get_default_password_validators(): | |
return get_password_validators(settings.AUTH_PASSWORD_VALIDATORS) | |
def get_password_validators(validator_conf): | |
""" | |
import all password validators modules | |
and raise exception if impossible to import | |
:param validator_conf: | |
:return: | |
""" | |
validators = [] | |
for validator in validator_conf: | |
try: | |
c_class = import_string(validator['NAME']) | |
except ImportError: | |
msg = "The module in NAME could not be imported: %s. Check your AUTH_PASSWORD_VALIDATORS setting." | |
raise ImproperlyConfigured(msg % validator['NAME']) | |
validators.append(c_class(**validator.get('OPTIONS', {}))) | |
return validators | |
@csrf_exempt | |
def check_password(request): | |
""" | |
checks password reliability, | |
works only with post requests! | |
csrf is off because there are | |
no vulnerabilities to exploit. | |
:param request: | |
:return: | |
""" | |
password = request.POST.get("password") | |
validators = get_default_password_validators() | |
for validator in validators: | |
try: | |
validator.validate(password) | |
except ValidationError as error: | |
return HttpResponse(json.dumps({"answer": 0, "error": error.code}), | |
content_type="application/json") | |
return OK_response |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment