Hello there, has anyone written a public Secure Password formencode
Schema?

Based on the examples and by extending it, I've created:
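class SecurePassword(formencode.FancyValidator):
    """Validate a candidate password against basic strength rules.

    Three checks run in order: minimum length, a minimum number of
    characters that are not ASCII letters, and an exact, case-insensitive
    match against an optional file holding one bad password per line.

    The thresholds and the file path are read from the Paste ``app_conf``
    settings ``passwords_min_length``, ``passwords_non_letter_min_chars``
    and ``bad_passwords_file``.
    """

    # NOTE(review): these lookups run once, when the class body is executed,
    # so ``request`` must already be usable at that point and later config
    # changes are not picked up -- confirm this is intended.
    config = request.environ['paste.config']['app_conf']
    # A missing or empty setting falls back to the default instead of raising.
    bad_passwords_file = config.get('bad_passwords_file') or None
    min_length = int(config.get('passwords_min_length') or 0) or 5
    min_non_letter = int(
        config.get('passwords_non_letter_min_chars') or 0) or 1
    # Only ASCII letters count as letters; digits, punctuation, inner
    # whitespace and accented letters all count as "non-letter".
    letter_regex = re.compile(r'[a-zA-Z]')

    messages = {
        # The check accepts a password of exactly min_length characters.
        'too_few': 'Your password must be at least %(min_length)i '
                   'characters long',
        # The check counts every non-letter, not only digits.
        'non_letter': 'You must include at least %(min_non_letter)i '
                      'non-letter character(s) in your password',
        'non_dict': 'Please do not base your password on a dictionary term',
    }

    def _to_python(self, value, state):
        """Return the password with leading/trailing whitespace removed."""
        # NOTE(review): the stripped value is what gets validated and
        # returned, so a password typed with surrounding spaces is changed
        # silently; whatever checks the password at login presumably has to
        # apply the same normalisation -- confirm.
        return value.strip()

    def validate_python(self, value, state):
        """Raise ``formencode.Invalid`` if the password breaks a rule.

        The rules are checked in the order length, non-letter count,
        bad-password file; the first failure is the one reported.
        """
        if len(value) < self.min_length:
            raise formencode.Invalid(
                self.message("too_few", state, min_length=self.min_length),
                value, state)

        non_letters = self.letter_regex.sub('', value)
        if len(non_letters) < self.min_non_letter:
            raise formencode.Invalid(
                self.message("non_letter", state,
                             min_non_letter=self.min_non_letter),
                value, state)

        if self.bad_passwords_file is not None:
            lower = value.strip().lower()
            # The context manager closes the file on every path, including
            # when Invalid is raised from inside the loop.
            with open(self.bad_passwords_file) as f:
                for line in f:
                    # Whole-line comparison only: a listed word with extra
                    # characters added (e.g. a trailing digit) is accepted.
                    if line.strip().lower() == lower:
                        raise formencode.Invalid(
                            self.message("non_dict", state), value, state)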

Of course this is still far from what a secure password validator should
look like; there is more we should check on the password.

So, before writing it all up, has anyone already done this work and cares to
share it?

Thanks!
Pedro Algarvio

