On Sat, 2010-11-27 at 09:36 +0800, Russell Keith-Magee wrote:
> So - if you can rephrase this in terms of a function/class API where
> someone can define a mechanism for enforcing password strength, and
> provide two implementations (the "any password is OK" policy and the
> "cracklib policy" would be enough), then I can see this being a good
> addition to Django.
If I remember the auth forms code correctly, you can pass a custom form
into all the views that handle passwords - new user, change password,
password reset.
The only inconvenience is that you they all call the password field
different things, so you need to add a form with methods like
'clean_new_password' and 'clean_password' etc which would be essentially
identical. So I would propose the introduction of some simple mixin like
this:
class DefaultPasswordPolicyMixin(object):
def valid_password(self, password):
return True
All the auth forms should then be adapted to use this mixin and the
valid_password method, and third parties can define their own mixin
which overrides the method to create their own forms.
Luke
--
"Love is like an hourglass, with the heart filling up as the brain
empties."
Luke Plant || http://lukeplant.me.uk/
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-developers?hl=en.
