From c599b79752e8e41181f15caee28e68ad51301243 Mon Sep 17 00:00:00 2001
From: Saurabh Kumar <theskumar@users.noreply.github.com>
Date: Sat, 30 Mar 2024 03:01:28 +0800
Subject: [PATCH] Replace django-pwned-passwords with pwned-passwords-django
 (#3826)

Fixes #3819
---
 hypha/settings/django.py | 13 +++++++++++--
 requirements.txt         |  3 +--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/hypha/settings/django.py b/hypha/settings/django.py
index 3f3cac9bf..62dfa1d86 100644
--- a/hypha/settings/django.py
+++ b/hypha/settings/django.py
@@ -2,6 +2,8 @@
 Django settings for hypha project.
 """
 
+from django.utils.translation import gettext_lazy as _
+
 # Application definition
 INSTALLED_APPS = [
     "scout_apm.django",
@@ -59,7 +61,6 @@ INSTALLED_APPS = [
     "addressfield",
     "django_nh3",
     "django_fsm",
-    "django_pwned_passwords",
     "django_slack",
     "django_otp",
     "django_otp.plugins.otp_totp",
@@ -166,7 +167,15 @@ AUTH_PASSWORD_VALIDATORS = [
         "NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator",
     },
     {
-        "NAME": "django_pwned_passwords.password_validation.PWNEDPasswordValidator",
+        "NAME": "pwned_passwords_django.validators.PwnedPasswordsValidator",
+        "OPTIONS": {
+            "error_message": _(
+                "This password has previously appeared in a data breach and should not be used. Please choose a different password."
+            ),
+            "help_message": _(
+                "Your password must not have been detected in a major security breach."
+            ),
+        },
     },
 ]
 
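Review bot: The new `pwned_passwords_django.validators.PwnedPasswordsValidator` entry has no comment recording that password validation now makes an outbound request to the Pwned Passwords range API, or what happens when that request fails. As far as I recall from the library's documentation, only the first five hex characters of the password's SHA-1 digest leave the server, and on a timeout or API error the validator falls back to Django's `CommonPasswordValidator`, so the breach check quietly degrades to a much smaller list; confirm this against the pinned 2.1 release. I would add a comment above the entry such as `# Queries the HIBP range API (k-anonymity: 5-char SHA-1 prefix only); on API failure falls back to CommonPasswordValidator, so outbound HTTPS must be allowed.` `AUTH_PASSWORD_VALIDATORS` opens outside this hunk, so which other validators are in the list cannot be checked from here.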
diff --git a/requirements.txt b/requirements.txt
index f32e4424b..d1232e053 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -22,8 +22,6 @@ django-heroku==0.3.1
 django-hijack==3.4.5
 django-htmx==1.17.3
 django-pagedown==2.2.1
-# django-pwned-passwords==4.1.0
-https://github.com/slinkymanbyday/django-pwned-passwords/archive/58c7b832df7360a21fd8edeaaf9f897c7517baf1.zip
 django-ratelimit==4.1.0
 django-referrer-policy==1.0
 django-select2==8.1.2
@@ -49,6 +47,7 @@ more-itertools==10.2.0
 phonenumberslite==8.13.32
 Pillow==10.2.0
 psycopg[binary]==3.1.18
+pwned-passwords-django==2.1
 qrcode==7.4.2
 reportlab==4.0.9
 social_auth_app_django==5.4.0
-- 
GitLab