Cuz
June 12, 2019, 4:24pm
In Setup → System Settings → SECURITY, I can specify a Minimum Password score.
How can I find out what rule(s) every score level implies?
Put another way - If I set it to 5, what list of rules can I tell users will be expected of them in terms of password format adherence/conformance?
Hi! The integer value scores apparently relate to complexity estimation, not actual discrete rules.
To learn more refer to these for example
Is there a way to know the minimum requirements?
Password length, special characters, etc.
For clues a web search on zxcvbn may provide answers?
Let us know what you find!
On further study and just to clarify -
ERPNext uses zxcvbn just to assess a user supplied password
```python
# Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors
# License: MIT. See LICENSE

from typing import TYPE_CHECKING

from zxcvbn import zxcvbn
from zxcvbn.scoring import ALL_UPPER, START_UPPER

import frappe
from frappe import _, _lt

if TYPE_CHECKING:
    from collections.abc import Iterable

    from zxcvbn import _Result
    from zxcvbn.feedback import _Feedback as PasswordStrengthFeedback
    from zxcvbn.matching import _Match


def test_password_strength(password: str, user_inputs: "Iterable[object]" = None) -> "_Result":
    # (file truncated in the original post)
```
Whereas passlib provides the backend functions to handle passwords
```python
# Copyright (c) 2015, Frappe Technologies Pvt. Ltd. and Contributors
# License: MIT. See LICENSE

from cryptography.fernet import Fernet, InvalidToken
from passlib.context import CryptContext
from pypika.terms import Values

import frappe
from frappe import _
from frappe.query_builder import Table
from frappe.utils import cstr, encode

Auth = Table("__Auth")

passlibctx = CryptContext(
    schemes=[
        "pbkdf2_sha256",
        "argon2",
    ],
    # (file truncated in the original post)
```
I am not familiar with passlib: Passlib v1.7.4 Documentation
Since that is a business policy decision, my guess is rather than code and have to support this, ERPNext provides zxcvbn instead for users to assess passwords.
zxcvbn tests will tell you how strong the password is
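To make the thread's point concrete (a zxcvbn score is a bucket of an estimated guess count, not a list of format rules), here is an added example that is not code from this thread or from Frappe/ERPNext. It assumes the third-party `zxcvbn` Python package is installed and that a password is accepted when its score is at least the configured minimum; `composition_rules_ok`, `assess` and the sample passwords and user details are hypothetical and constructed for illustration.

```python
import re

# Guess-count buckets zxcvbn uses to turn its estimate into a 0-4 score.
_THRESHOLDS = (1e3, 1e6, 1e8, 1e10)
_DELTA = 5


def guesses_to_score(guesses):
    """Map an estimated number of guesses to zxcvbn's 0-4 score."""
    return sum(guesses >= t + _DELTA for t in _THRESHOLDS)


def composition_rules_ok(password):
    """Hypothetical rule-based policy: 8+ chars, upper, lower, digit, symbol."""
    checks = (r".{8,}", r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return all(re.search(c, password) for c in checks)


def assess(password, minimum_score, user_inputs=()):
    """Judge a password by estimated strength, as a minimum-score setting does."""
    from zxcvbn import zxcvbn  # third-party package: pip install zxcvbn

    result = zxcvbn(password, user_inputs=list(user_inputs))
    return {
        "score": result["score"],
        "accepted": result["score"] >= minimum_score,  # assumed acceptance rule
        "guesses": result["guesses"],
        "warning": result["feedback"]["warning"],
        "suggestions": result["feedback"]["suggestions"],
    }


if __name__ == "__main__":
    # Constructed sample passwords and user details, for illustration only.
    user_inputs = ["Jane", "Doe", "jane.doe@example.com"]
    for pw in ("P@ssw0rd1", "JaneDoe2019!", "correct horse battery staple"):
        verdict = assess(pw, minimum_score=3, user_inputs=user_inputs)
        print(pw, "| rules ok:", composition_rules_ok(pw), "|", verdict)
```

Running it prints, for each sample, whether the rule-based policy would pass it next to the score, warning and suggestions zxcvbn returns, which is the information users can be given instead of a fixed rule list.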