From ad2ae5b427d093d19bbffd3e62ff4ee8d6a9b0f0 Mon Sep 17 00:00:00 2001
From: Fredrik Jonsson <frjo@xdeb.org>
Date: Wed, 19 Sep 2018 12:27:05 +0200
Subject: [PATCH] Make use of pwnedpasswords check and set min length to 12.

---
 opentech/settings/base.py | 11 ++++++-----
 requirements.txt          |  1 +
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/opentech/settings/base.py b/opentech/settings/base.py
index 7f96ff6c8..b0f9b70a0 100644
--- a/opentech/settings/base.py
+++ b/opentech/settings/base.py
@@ -128,6 +128,7 @@ INSTALLED_APPS = [
     'django.contrib.staticfiles',
     'django.contrib.sitemaps',
     'django.forms',
+    'django_pwnedpasswords_validator',
 ]
 
 MIDDLEWARE = [
@@ -228,17 +229,17 @@ WAGTAILSEARCH_BACKENDS = {
 # https://docs.djangoproject.com/en/stable/ref/settings/#auth-password-validators
 
 AUTH_PASSWORD_VALIDATORS = [
-    {
-        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
-    },
     {
         'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+        'OPTIONS': {
+            'min_length': 12,
+        }
     },
     {
-        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
     },
     {
-        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+        'NAME': 'django_pwnedpasswords_validator.validation.PwnedPasswordValidator',
     },
 ]
 
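Review bot: The new `AUTH_PASSWORD_VALIDATORS` list drops `CommonPasswordValidator` and `NumericPasswordValidator`, so the only weak or breached-password check left is `PwnedPasswordValidator`, which presumably relies on a network lookup against the Pwned Passwords service. If that lookup fails or times out and the validator lets the password through (worth confirming for the pinned 1.0.1 release), a 12-digit all-numeric or dictionary password would be accepted on the length and similarity checks alone. Keeping the two built-in validators as an offline baseline is cheap: add `{'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator'},` and `{'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator'},` alongside the new entry. A comment above the list such as `# PwnedPasswordValidator queries an external API; the local validators remain as a fallback` would record the intended behaviour on lookup failure.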
diff --git a/requirements.txt b/requirements.txt
index 1493824a6..a8ed572b1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -31,6 +31,7 @@ django_select2==6.0.1
 dj-database-url==0.5.0
 django-basic-auth-ip-whitelist==0.2.1
 django-heroku==0.3.1
+django-pwnedpasswords-validator==1.0.1
 django-redis==4.9.0
 django-referrer-policy==1.0
 whitenoise==4.0
-- 
GitLab