Metadata-Version: 2.1
Name: pwned-passwords-django
Version: 2.1
Summary: A Pwned Passwords implementation for Django sites.
Author-email: James Bennett <james@b-list.org>
License: BSD-3-Clause
Project-URL: Documentation, https://pwned-passwords-django.readthedocs.io/
Project-URL: Homepage, https://github.com/ubernostrum/pwned-passwords-django
Keywords: django,security,passwords,auth,authentication
Classifier: Development Status :: 5 - Production/Stable
Classifier: Environment :: Web Environment
Classifier: Framework :: Django
Classifier: Framework :: Django :: 3.2
Classifier: Framework :: Django :: 4.2
Classifier: Framework :: Django :: 5.0
Classifier: Intended Audience :: Developers
Classifier: License :: OSI Approved :: BSD License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Programming Language :: Python :: 3.12
Classifier: Topic :: Utilities
Requires-Python: >=3.8
Description-Content-Type: text/x-rst
License-File: LICENSE
Requires-Dist: Django!=4.0.*,!=4.1.*,>=3.2
Requires-Dist: httpx
Provides-Extra: docs
Requires-Dist: furo; extra == "docs"
Requires-Dist: sphinx; extra == "docs"
Requires-Dist: sphinx-copybutton; extra == "docs"
Requires-Dist: sphinx-inline-tabs; extra == "docs"
Requires-Dist: sphinx-notfound-page; extra == "docs"
Requires-Dist: sphinxcontrib-django; extra == "docs"
Requires-Dist: sphinxext-opengraph; extra == "docs"
Provides-Extra: tests
Requires-Dist: coverage; extra == "tests"
Requires-Dist: tomli; python_full_version < "3.11.0a7" and extra == "tests"

.. -*-restructuredtext-*-

.. image:: https://github.com/ubernostrum/pwned-passwords-django/workflows/CI/badge.svg
   :alt: CI status image
   :target: https://github.com/ubernostrum/pwned-passwords-django/actions?query=workflow%3ACI

``pwned-passwords-django`` provides helpers for working with the
`Pwned Passwords database from Have I Been Pwned
<https://haveibeenpwned.com/Passwords>`_ in `Django
<https://www.djangoproject.com/>`_ powered sites. Pwned Passwords is
an extremely large database of passwords known to have been
compromised through data breaches, and is useful as a tool for
rejecting common or weak passwords.

There are three main components to this application:

* `A password validator
  <https://pwned-passwords-django.readthedocs.io/en/latest/validator.html>`_
  which integrates with `Django's password-validation tools
  <https://docs.djangoproject.com/en/5.0/topics/auth/passwords/#module-django.contrib.auth.password_validation>`_
  and checks the Pwned Passwords database.

* `A Django middleware
  <https://pwned-passwords-django.readthedocs.io/en/latest/middleware.html>`_
  (supporting both sync and async requests) which automatically checks
  certain request payloads against the Pwned Passwords database.

* `An API client
  <https://pwned-passwords-django.readthedocs.io/en/latest/api.html>`_
  providing direct access (both sync and async) to the Pwned Passwords
  database.

All three use a secure, anonymized API which `never transmits any
password or its full hash to any third party
<https://pwned-passwords-django.readthedocs.io/en/latest/faq.html#api-safety>`_.


Usage
-----

The recommended configuration is to enable both the validator and the
automatic password-checking middleware. To do this, make the following
changes to your Django settings.

First, add the validator to your AUTH_PASSWORD_VALIDATORS list:

.. code-block:: python

   AUTH_PASSWORD_VALIDATORS = [
       # ... other password validators ...
       {
           "NAME": "pwned_passwords_django.validators.PwnedPasswordsValidator",
       },
   ]

Then, add the middleware to your MIDDLEWARE list:

.. code-block:: python

   MIDDLEWARE = [
       # .. other middlewares ...
       "pwned_passwords_django.middleware.pwned_passwords_middleware",
   ]

For more details, consult `the full documentation
<https://pwned-passwords-django.readthedocs.io/>`_.
