zulip/zerver
Mateusz Mandera 06c2161f7e auth: Use zxcvbn to ensure password strength on server side.
For a long time, we've been only doing the zxcvbn password strength
checks on the browser, which is helpful, but means users could through
hackery (or a bug in the frontend validation code) manage to set a
too-weak password.  We fix this by running our password strength
validation on the backend as well, using python-zxcvbn.

In theory, a bug in python-zxcvbn could result in it producing a
different opinion than the frontend version; if so, it'd be a pretty
bad bug in the library, and hopefully we'd hear about it from users,
report upstream, and get it fixed that way. Alternatively, we can
switch to shelling out to node like we do for KaTeX.

Fixes #6880.
2019-11-21 10:23:37 -08:00
data_import slack import: Map Slack guest users to Zulip guests. 2019-11-12 12:12:59 -08:00
lib queue: Update error callback signatures for Pika 1.1. 2019-11-20 17:23:48 -08:00
management send_custom_email: Add support for specifying reply-to. 2019-11-18 17:34:01 -08:00
migrations CVE-2019-18933: Fix insecure account creation via social authentication. 2019-11-21 10:23:37 -08:00
openapi settings: Add notification settings checkboxes for wildcard mentions. 2019-11-20 16:58:46 -08:00
templatetags openapi: Pass api_url to curl example generation. 2019-08-17 11:35:08 -07:00
tests auth: Use zxcvbn to ensure password strength on server side. 2019-11-21 10:23:37 -08:00
tornado tornado: Add transitional code for sender_delivery_email. 2019-11-20 17:31:11 -08:00
views auth: Use zxcvbn to ensure password strength on server side. 2019-11-21 10:23:37 -08:00
webhooks integrations: Deduplicate gogs and gitea integrations. 2019-11-18 12:08:09 -08:00
worker push_notifications: Clear PushDeviceToken on API key change. 2019-11-19 15:37:43 -08:00
__init__.py
apps.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
context_processors.py context: Rename social_backends to external_authentication_methods. 2019-11-03 15:55:44 -08:00
decorator.py decorator: Extract require_user_group_edit_permission. 2019-11-18 15:13:29 -08:00
filters.py cleanup: Delete leading newlines. 2019-08-06 23:29:11 -07:00
forms.py auth: Use zxcvbn to ensure password strength on server side. 2019-11-21 10:23:37 -08:00
logging_handlers.py version: Only let `git describe` match tags beginning with a digit. 2019-10-24 14:54:45 -07:00
middleware.py middleware: Fix exception typing. 2019-07-31 12:23:20 -07:00
models.py auth: Use zxcvbn to ensure password strength on server side. 2019-11-21 10:23:37 -08:00
signals.py onboarding: Use delivery_email in "new login" notifications. 2019-11-14 12:19:47 -08:00