django-fire

vulnerable password cleanser for django


Keywords
django, password, password-remover, password-cleanser, security
License
MIT
Install
pip install django-fire==1.0.0

Documentation

django-fire

https://readthedocs.org/projects/django-fire/badge/?version=stable

django-fire is a toolbox for invalidating users password when user's password is exposed or password hashing algorithm is cracked.

Quickstart

If you need to invalidate your users' password fast, follow the instructions.

  1. install packages
$ pip install django-fire
  1. add django_fire app to your project
# settings.py
# ...
INSTALLED_APPS = (
    # ...
    'django_fire',
    # ...
)
  1. calling command firepassword invalidate users' password
$ python manage.py firepassword --all  # if all your passwords are exposed.
$ python manage.py firepassword --users 1 2 3  # for specific users
$ python manage.py firepassword --hashers md5 crypt  # for hashers (NOT IMPLEMENTED)
  1. After invalidating passwords, add auth backend to notice users
# settings.py
AUTHENTICATION_BACKENDS = [
    # ...
    # Users (whose password invalidated) are failed to login and
    # see announcement for password reset.
    'django_fire.backends.FiredPasswordBackend',
]

Documentation

See Documentation