altf4arnold/datatracker
1
0
Fork 0
Code Issues Pull requests Actions 3 Packages Projects Releases Wiki Activity
datatracker/ietf/templates/registration/change_password.html
Jennifer Richards 067ae17b4e
fix: do not set user template var in ietfauth views (#4216) 
Lets the `user` variable pick up `request.user`.
Fixes #3568
2022-07-15 13:37:25 -05:00

64 lines
2.9 KiB
HTML
Raw Blame History

{% extends "base.html" %}
{# Copyright The IETF Trust 2015, All Rights Reserved #}
{% load origin %}
{% load django_bootstrap5 %}
{% load static %}
{% block title %}Change password{% endblock %}
{% block js %}
{{ block.super }}
<script src="{% static 'ietf/js/zxcvbn.js' %}"></script>
<script src="{% static 'ietf/js/password_strength.js' %}"></script>
{% endblock %}
{% block content %}
{% origin %}
<!-- [html-validate-disable-block no-inline-style, prefer-native-element -- FIXME: django_password_strength uses outdated HTML] -->
{% if success %}
<p class="alert alert-success my-3">
Your password was successfully changed.
</p>
{% if not user.is_authenticated %}
<a
class="btn btn-primary"
href="{% url 'ietf.ietfauth.views.login' %}"
rel="nofollow">Sign in</a>
{% endif %}
{% else %}
<h1>Change password</h1>
{% if update_user and update_user != user %}
<div class="alert alert-info my-3">
This will change the password for user {{ update_user }}.
</div>
{% endif %}
<form method="post" class="my-3">
{% csrf_token %}
{% bootstrap_form form %}
<button type="submit" class="btn btn-primary">Change password</button>
</form>
<div class="alert alert-info mt-5">
<b>Online attack: </b>This password form uses the
<a href="https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-strength-estimation/">zxcvbn</a>
password strength estimator to give an indication of password strength.
The crack time estimate given above assume online attack without rate
limiting, at a rate of 10 attempts per second.
<hr>
<b>Offline cracking: </b>
The datatracker currently uses the <code>{{ hasher.algorithm }}</code>
password hasher with
{% if hasher.iterations %}
{{ hasher.iterations }} iterations
{% elif hasher.rounds %}
{{ hasher.rounds }} rounds
{% elif hasher.time_cost and hasher.memory_cost and hasher.parallelism %}
<code>time cost {{ hasher.time_cost }}</code>, <code>memory cost {{ hasher.memory_cost }}</code>
and <code>parallelism {{ hasher.parallelism }}</code>{% endif %}.
Calculating offline attack time if password hashes should leak is left
as an exercise for the reader.
<span class="password_strength_offline_info d-none">
As a guideline, if we assume offline hashing using the current hasher
at a speed of 10<sup>4</sup> attempts per second, this password would
take <em class="password_strength_time"></em> to crack.
</span>
</div>
{% endif %}
{% endblock %}
Reference in a new issue View git blame Copy permalink