activist
Add zxcvbn for realistic crack time estimates in password validation.
Contributor checklist
- [x] This pull request is on a separate branch and not the main branch
- [x] I have run the tests for the backend and frontend depending on what's needed for my changes as described in the testing section of the contributing guide
Description
This PR replaces generic password strength validation messages with realistic estimated crack times using the zxcvbn library. Instead of showing scores like "weak" or "strong", users now see how long it would take to crack their password (e.g., "3 hours", "centuries"), making password requirements more tangible and actionable.
Changes made:
- Integrated zxcvbn library for password strength analysis
- Updated validation logic to display estimated crack time for the offline fast hashing scenario (1e10 per second)
- Enhanced error messages to include specific feedback suggestions from zxcvbn
- Added zxcvbn to requirements.in and requirements.dev.in
- Updated password validation in serializers.py
Testing:
- Ran `ruff format ./backend` - code formatted successfully
- Ran `ruff check ./backend` - linting passed
- Ran `mypy ./backend --config-file ./backend/pyproject.toml` - type checks passed
- Started Docker container and ran `pytest` - all tests passed
Related issue
- #1549
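The approach described above, sketched as an added example (not code from this PR or the activist repository): reject on the numeric offline fast hashing estimate and use zxcvbn's display string and feedback only for the message. The function names, the one-year threshold, the 72-character cap and the sample dictionaries are assumptions; `validate_password` needs the `zxcvbn` package installed.

```python
# Added illustration; not code from the activist repository.
FAST_HASH = "offline_fast_hashing_1e10_per_second"  # zxcvbn scenario key
MIN_CRACK_SECONDS = 365 * 24 * 3600  # hypothetical policy: survive one year offline
MAX_LEN = 72  # hypothetical cap so very long inputs do not slow down matching


def build_message(result, min_seconds=MIN_CRACK_SECONDS):
    """Return None if the zxcvbn result passes, else a user-facing error string."""
    # Decide on the numeric estimate; the display string is only for the message.
    if result["crack_times_seconds"][FAST_HASH] >= min_seconds:
        return None
    parts = [f"Estimated crack time: {result['crack_times_display'][FAST_HASH]}."]
    feedback = result.get("feedback") or {}
    if feedback.get("warning"):
        parts.append(feedback["warning"])
    parts.extend(feedback.get("suggestions") or [])
    return " ".join(parts)


def validate_password(password, user_inputs=()):
    """Score a password with zxcvbn and return an error string or None."""
    from zxcvbn import zxcvbn  # imported lazily; third-party dependency

    # user_inputs (e.g. username, email) are matched like dictionary words,
    # so a password built from the account's own details scores as weak.
    result = zxcvbn(password[:MAX_LEN], user_inputs=list(user_inputs))
    return build_message(result)


# Constructed samples shaped like zxcvbn results (only the keys used above).
SAMPLE_WEAK = {
    "crack_times_seconds": {FAST_HASH: 0.000001},
    "crack_times_display": {FAST_HASH: "less than a second"},
    "feedback": {
        "warning": "This is a top-10 common password.",
        "suggestions": ["Add another word or two. Uncommon words are better."],
    },
}
SAMPLE_STRONG = {
    "crack_times_seconds": {FAST_HASH: 4000000000},
    "crack_times_display": {FAST_HASH: "centuries"},
    "feedback": {"warning": "", "suggestions": []},
}
```

Scoring only the first `MAX_LEN` characters can underestimate a long password's strength, which errs on the safe side for a rejection check.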
Deploy Preview for activist-org ready!
| Name | Link |
|---|---|
| Latest commit | 0a2c4b1a5a15e6f4c1b2ace573d9b2c4feb92c29 |
| Latest deploy log | https://app.netlify.com/projects/activist-org/deploys/68e55b7e6035f100089dabc2 |
| Deploy Preview | https://deploy-preview-1560--activist-org.netlify.app |
Thank you for the pull request! ❤️
The activist team will do our best to address your contribution as soon as we can. If you're not already a member of our public Matrix community, please consider joining! We'd suggest that you use the Element client as well as Element X for a mobile app, and definitely join the General and Development rooms once you're in. Also consider attending our bi-weekly Saturday developer syncs! It'd be great to meet you 😊
Maintainer Checklist
The following is a checklist for maintainers to make sure this process goes as well as possible. Feel free to address the points below yourself in further commits if you realize that actions are needed :)
- [ ] The TypeScript, pytest and formatting workflows within the PR checks do not indicate new errors in the files changed
- [ ] The Playwright end to end and Zap penetration tests have been run and are passing (if necessary)
- [ ] The changelog has been updated with a description of the changes for the upcoming release and the corresponding issue (if necessary)
Thanks for the PR, @san-rizz-777! We'll try to get to the review in the coming days :) Could you remove the yarn.lock file that looks to be included by mistake though?