Metadata-Version: 2.1
Name: django-pwned-validator
Version: 0.0.6
Summary: A PwnedPassword validator for Django
License: MIT
Author: Craig Loftus
Author-email: craigloftus@gmail.com
Requires-Python: >=3.6
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Requires-Dist: requests (>=2.25.1,<3.0.0)
Description-Content-Type: text/x-rst

Django Pwned Passwords Validator
================================

This package provides a password validator for Django that checks submitted
passwords against the `Pwned Passwords API <https://haveibeenpwned.com/API/v2>`_.

To protect the security of the password being checked a range search is used. Specifically,
only the first 5 characters of a SHA-1 password hash are sent to the API. The
validator then locally looks for the full hash in the range returned.

Installation
~~~~~~~~~~~~

.. code-block:: sh

    pip install django-pwned-validator

Modify your `settings.py` to install the app and enable the validator:

.. code-block:: python

    INSTALLED_APPS = [
        'pwned.apps.PwnedConfig',
        ...
    ]

    AUTH_PASSWORD_VALIDATORS = [
        {
            'NAME': 'pwned.validators.PwnedValidator',
        },
        ...
    ]


Compatibility
~~~~~~~~~~~~~
Supports Django 2.2 to 3.2 on Python 3.5 to 3.8.

