replace Safe by zxcvbn for password strength testing #1620

Merged: liiight merged 1 commit into Flexget:develop from arcresu:zxcvbn on Jan 11, 2017
@arcresu (Contributor) commented Jan 11, 2017

Motivation for changes:

Currently in the webserver password strength is checked using the Python library Safe. This library has not seen very much attention from its author in a while and it is quite simplistic in its approach.

Instead I propose to use the Python implementation of Dropbox's zxcvbn library dwolfhub/zxcvbn-python. This is a more sophisticated password strength checker which is actively maintained. It is pure Python and does not introduce extra dependencies. Note that there are older forks of the code but this is the current officially endorsed one.

Detailed changes:

Replace the dependency on Safe with one on zxcvbn-python.

It can provide a more detailed password analysis but at the most basic level it returns a score from the following list:

  0 # too guessable: risky password. (guesses < 10^3)
  1 # very guessable: protection from throttled online attacks. (guesses < 10^6)
  2 # somewhat guessable: protection from unthrottled online attacks. (guesses < 10^8)
  3 # safely unguessable: moderate protection from offline slow-hash scenario. (guesses < 10^10)
  4 # very unguessable: strong protection from offline slow-hash scenario. (guesses >= 10^10)

I require that the password have a score of at least 3 in order to be considered secure.
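
The threshold check described in this comment, as an added example that is not code from the pull request or from FlexGet. `check_password`, `score_from_guesses`, `MIN_SCORE` and the toy `constructed_estimate` stand-in are names assumed here; `zxcvbn(password, user_inputs=...)` and the `score`, `guesses` and `feedback` result keys are the zxcvbn-python API.

```python
import bisect

MIN_SCORE = 3  # threshold stated in the PR description
# Upper guess bounds for scores 0..3 from the PR's list; anything above is 4.
SCORE_BOUNDS = [10**3, 10**6, 10**8, 10**10]


def score_from_guesses(guesses):
    """Map an estimated guess count to the 0-4 bands listed in the PR."""
    return bisect.bisect_right(SCORE_BOUNDS, guesses)


def zxcvbn_estimate(password, user_inputs):
    """Real estimator; imported lazily so this file loads without zxcvbn."""
    from zxcvbn import zxcvbn
    return zxcvbn(password, user_inputs=user_inputs)


def constructed_estimate(password, user_inputs):
    """Constructed stand-in (toy model: ten guesses per character)."""
    guesses = 10 ** len(password)
    if password.lower() in (s.lower() for s in user_inputs):
        guesses = 1  # the password is one of the account's own strings
    score = score_from_guesses(guesses)
    tips = ["Use a longer passphrase."] if score < MIN_SCORE else []
    return {"score": score, "guesses": guesses,
            "feedback": {"warning": "", "suggestions": tips}}


def check_password(password, user_inputs=(), estimate=zxcvbn_estimate):
    """Return (accepted, message); reject anything scoring below MIN_SCORE."""
    result = estimate(password, list(user_inputs))
    score = result["score"]
    if score >= MIN_SCORE:
        return True, "score %d/4" % score
    feedback = result.get("feedback", {})
    hints = [feedback.get("warning", "")] + list(feedback.get("suggestions", []))
    detail = " ".join(h for h in hints if h)
    return False, ("score %d/4, need %d. %s" % (score, MIN_SCORE, detail)).strip()


if __name__ == "__main__":
    for pw, extra in [("abcdefg", []), ("abcdefghij", []), ("flexgetadmin", ["FlexgetAdmin"])]:
        print(pw, check_password(pw, extra, estimate=constructed_estimate))
```

Leaving out the `estimate=` argument makes `check_password` call the real library; passing the username in `user_inputs` lets the estimator penalise passwords built from it.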

@liiight (Member) commented Jan 11, 2017

From what I can see, safe has no 3rd party requirements either. Other than that, I'm not sure this change has merit just for change's sake. Safe is maybe simple but it does its job.

@arcresu (Contributor, Author) commented Jan 11, 2017

It's not change for the sake of it - it's about reducing the dependency on unmaintained code. It seems to be an easy change and zxcvbn is better than safe in a couple of respects.

@liiight (Member) commented Jan 11, 2017

ok, did you test this with the CLI command? flexget web passwd?

@arcresu (Contributor, Author) commented Jan 11, 2017

I tested with the CLI command, yes. It works as intended and seems to have a reasonable threshold for password complexity.

@liiight liiight merged commit 9659a61 into Flexget:develop Jan 11, 2017
@liiight (Member) commented Jan 11, 2017

Thanks!

@arcresu arcresu deleted the zxcvbn branch January 12, 2017 00:58
liiight pushed a commit that referenced this pull request Jan 20, 2017
* v2.9.0

* Prepare v2.9.1.dev

* Support searching for titles which contain quotes (#1618)

[change] piratebay: replacing single quotes with spaces as their search engine doesn't like them

* [added] subliminal: added support for .rar files

* NPO parameter has changed for only showing full episodes (#1616)

[change] npo_watchlist: updated to only grab broadcasts; previously it also grabbed trailers

* [fix] est_released_movies: Fixed crash with movie_year of None (#1602)

* [added] convert_magnet: new config option to fail entries if conversion fails, closes #1619

* Don't evaluate 'if' statements on un-needed phases for simple accept/reject actions.

* v2.9.1

* Prepare v2.9.2.dev

* replace Safe by zxcvbn for password strength testing (#1620)

* [fix] sickbeard: fixed a typo that caused a crash when 'include_data: yes', fixes #1623

* v2.9.2

* Prepare v2.9.3.dev

* Support for 2160p (#1625)

[added] quality: added support for 2160p

* [Fix][UI] improves version checking, fixes #1617

* [Fix][UI] Removing a show when in search mode, keeps the UI in search page #1559

* [Change][UI] Username is autofilled on login page

* Removed incorrect files

* v2.9.3

* Prepare v2.9.4.dev

* [Add][UI] Config section allows editing of variables

* Added warning regarding variables configuration

* v2.9.4

* Prepare v2.9.5.dev

* added support for Exx identifier in series parser (#1622)

[change] series parser: added support for Exx identifier

* [Add] My Anime List input plugin (#1629)

* [Add] My Anime List input plugin

* Review changes

* Python 3 .values =/= list

* Converting config variables to lists

* Correct list conversion

* v2.9.5

* Prepare v2.9.6.dev

* Update app.py

* Added base_url to webserver config

* Made `base_url` setting a little looser so that `/` is not mandatory

* Update url-interceptor.service.js

* Check base_url exists before prepending /

* Make sure base_url doesn't end with /

* fix api in UI

* Fix log page

* Removed leftover prints

* Fix series and movie posters not loading correctly