openedx.core.djangoapps.password_policy package

Subpackages

• openedx.core.djangoapps.password_policy.settings package
  • Submodules
  • openedx.core.djangoapps.password_policy.settings.common module
    • plugin_settings()
  • openedx.core.djangoapps.password_policy.settings.devstack module
    • plugin_settings()
  • openedx.core.djangoapps.password_policy.settings.production module
    • plugin_settings()
  • Module contents

Submodules

openedx.core.djangoapps.password_policy.apps module

Configuration for password_policy Django app

class openedx.core.djangoapps.password_policy.apps.PasswordPolicyConfig(app_name, app_module)

Bases: AppConfig

Configuration class for password_policy Django app

name = 'openedx.core.djangoapps.password_policy'

plugin_app = {'settings_config': {'cms.djangoapp': {'common': {'relative_path': 'settings.common'}, 'devstack': {'relative_path': 'settings.devstack'}, 'production': {'relative_path': 'settings.production'}}, 'lms.djangoapp': {'common': {'relative_path': 'settings.common'}, 'devstack': {'relative_path': 'settings.devstack'}, 'production': {'relative_path': 'settings.production'}}}}

ready()

Override this method in subclasses to run code when Django starts.

verbose_name = 'Password Policy'

openedx.core.djangoapps.password_policy.compliance module

Utilities for enforcing and tracking compliance with password policy rules.

exception openedx.core.djangoapps.password_policy.compliance.NonCompliantPasswordException

Bases: Exception

Exception that should be raised when a user who is required to be compliant with password policy requirements is found to have a non-compliant password.

exception openedx.core.djangoapps.password_policy.compliance.NonCompliantPasswordWarning

Bases: Exception

Exception that should be raised when a user who will soon be required to be compliant with password policy requirements is found to have a non-compliant password.

openedx.core.djangoapps.password_policy.compliance.enforce_compliance_on_login(user, password)

Verify that the user’s password is compliant with password policy rules and determine what should be done if it is not.

Raises NonCompliantPasswordException when the password is found to be non-compliant and the compliance deadline for the user has been reached. In this case, login should be prevented.

Raises NonCompliantPasswordWarning when the password is found to be non-compliant and the compliance deadline for the user is in the future.

Returns None when the password is found to be compliant, or when no deadline for compliance has been set for the user.

Important: This method should only be called AFTER the user has been authenticated.

openedx.core.djangoapps.password_policy.compliance.should_enforce_compliance_on_login()

Returns a boolean indicating whether or not password policy compliance should be enforced on login.

openedx.core.djangoapps.password_policy.forms module

Forms for the password policy app.

class openedx.core.djangoapps.password_policy.forms.PasswordPolicyAwareAdminAuthForm(request=None, *args, **kwargs)

Bases: AdminAuthenticationForm

Custom AdminAuthenticationForm that can enforce password policy rules on login.

base_fields = {'password': <django.forms.fields.CharField object>, 'username': <django.contrib.auth.forms.UsernameField object>}

clean()

Overrides the clean method to allow for the enforcement of password policy requirements.

declared_fields = {'password': <django.forms.fields.CharField object>, 'username': <django.contrib.auth.forms.UsernameField object>}

property media

Return all media required to render the widgets on this form.

openedx.core.djangoapps.password_policy.hibp module

Wrapper to use pwnedpassword Service

class openedx.core.djangoapps.password_policy.hibp.PwnedPasswordsAPI

Bases: object

WrapperClass on pwned password service to fetch similar password signatures along with their count

API_URL = 'https://api.pwnedpasswords.com'

static is_sha1(maybe_sha)

Validates whether the provided string is sha1 encrypted or not

static range(password)

Returns a dict containing hashed password signatures along with their count. API URL takes first 5 characters of a SHA-1 password hash (not case-sensitive). API response contains suffix of every hash beginning with the specified prefix, followed by a count of how many times it appears in their data set.

**Argument(s):

password: a sha-1-hashed string against which pwnedservice is invoked

**Returns:

{

“7ecd77ecd7”: 341, “7ecd77ecd77ecd7”: 12,

}

openedx.core.djangoapps.password_policy.hibp.convert_password_tuple(value)

a conversion function used to convert a string to a tuple

Module contents