Added an explicit setting for the password hashers to use, in order to place the bcrypt hasher first. This makes BCrypt the default hasher. Added the django_password_strength app to installed apps.

- Legacy-Id: 12796
2017-02-09 16:53:08 +00:00 · 2017-02-09 16:53:08 +00:00 · b1bbf9850f
parent cbd958e16a
commit b1bbf9850f
1 changed files with 9 additions and 2 deletions
--- a/ietf/settings.py
+++ b/ietf/settings.py
@ -54,6 +54,13 @@ ADMINS = (
    ('Ryan Cross', 'rcross@amsl.com'),
 )

+PASSWORD_HASHERS = [
+    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
+    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
+    'django.contrib.auth.hashers.SHA1PasswordHasher',
+    'django.contrib.auth.hashers.CryptPasswordHasher',
+]
+
 ALLOWED_HOSTS = [".ietf.org", ".ietf.org.", "209.208.19.216", "4.31.198.44", ]


@ -296,11 +303,12 @@ INSTALLED_APPS = (
    'django.contrib.staticfiles',
    # External apps 
    'bootstrap3',
+    'django_markup',
+    'django_password_strength',
    'djangobwr',
    'form_utils',
    'tastypie',
    'widget_tweaks',
-    'django_markup',
    # IETF apps
    'ietf.api',
    'ietf.community',
@ -782,7 +790,6 @@ SILENCED_SYSTEM_CHECKS = [
    "fields.W342",  # Setting unique=True on a ForeignKey has the same effect as using a OneToOneField.
 ]

-
 # Put the production SECRET_KEY in settings_local.py, and also any other
 # sensitive or site-specific changes.  DO NOT commit settings_local.py to svn.
 from settings_local import *            # pyflakes:ignore pylint: disable=wildcard-import