From 45cb43958dcf1f1f9f2df1996c25506f28f61cf3 Mon Sep 17 00:00:00 2001
From: "Christopher C. Wells"
Date: Thu, 16 Sep 2021 19:14:48 -0700
Subject: [PATCH] Set default password policies in base settings
---
babybuddy/settings/base.py | 25 +++++++++++++++---
babybuddy/static_src/scss/forms.scss | 9 +++++++
babybuddy/tests/tests_forms.py | 4 +--
static/babybuddy/css/app.css | 6 +++++
static/babybuddy/css/app.css.gz | Bin 29609 -> 29629 bytes
....22af9f4f03ae.css => app.d7d3f365742e.css} | 6 +++++
...f4f03ae.css.gz => app.d7d3f365742e.css.gz} | Bin 29666 -> 29690 bytes
static/staticfiles.json | 2 +-
8 files changed, 46 insertions(+), 6 deletions(-)
rename static/babybuddy/css/{app.22af9f4f03ae.css => app.d7d3f365742e.css} (99%)
rename static/babybuddy/css/{app.22af9f4f03ae.css.gz => app.d7d3f365742e.css.gz} (92%)
diff --git a/babybuddy/settings/base.py b/babybuddy/settings/base.py
index 6e9947113..5ba95fba1 100644
--- a/babybuddy/settings/base.py
+++ b/babybuddy/settings/base.py
@@ -234,16 +234,35 @@ # Security -# https://docs.djangoproject.com/en/3.2/topics/http/sessions/#settings -# https://docs.djangoproject.com/en/3.2/ref/csrf/#settings -# See https://docs.djangoproject.com/en/3.2/ref/settings/#secure-proxy-ssl-header for why and when to set this +# https://docs.djangoproject.com/en/3.2/ref/settings/#secure-proxy-ssl-header if os.environ.get('SECURE_PROXY_SSL_HEADER'): SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') +# https://docs.djangoproject.com/en/3.2/topics/http/sessions/#settings SESSION_COOKIE_SECURE = True + +# https://docs.djangoproject.com/en/3.2/ref/csrf/#settings CSRF_COOKIE_SECURE = True +# https://docs.djangoproject.com/en/3.2/topics/auth/passwords/ +AUTH_PASSWORD_VALIDATORS = [ + { + 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', + 'OPTIONS': { + 'min_length': 8, + } + }, + { + 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', + }, +] # Django Rest Framework # https://www.django-rest-framework.org/ diff --git a/babybuddy/static_src/scss/forms.scss b/babybuddy/static_src/scss/forms.scss index 2c82c1fbc..9ace10c20 100644 --- a/babybuddy/static_src/scss/forms.scss +++ b/babybuddy/static_src/scss/forms.scss @@ -65,6 +65,15 @@ z-index: 1030; } +// Tweak padding on form field help blocks. +.help-block { + ul { + padding-left: 1rem; + padding-bottom: 0; + margin-bottom: 0; + } +} + @include media-breakpoint-up(md) { // Restore regular inline button on larger screens. .submit-primary { diff --git a/babybuddy/tests/tests_forms.py b/babybuddy/tests/tests_forms.py index 7aaf0d67e..7498fc7cc 100644 --- a/babybuddy/tests/tests_forms.py +++ b/babybuddy/tests/tests_forms.py 
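Review bot: The new `AUTH_PASSWORD_VALIDATORS` list in `babybuddy/settings/base.py` is enforced only where `password_validation.validate_password()` is called. Django's built-in password forms and the `createsuperuser`/`changepassword` commands call it, but a custom form or API serializer that calls `set_password()` or `create_user()` directly skips the policy, and passwords already stored are not re-checked. It is worth confirming that every password-setting path in the project goes through the validators, and recording that above the list, e.g. `# Enforced only via validate_password(); custom forms/serializers must call it explicitly.` The same hunk also reduces the `SECURE_PROXY_SSL_HEADER` comment to a bare URL, dropping the "why and when" hint; I would keep a one-line caveat such as `# Only enable behind a proxy that strips and sets X-Forwarded-Proto; otherwise a client can spoof a secure request.`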
@@ -75,8 +75,8 @@ def test_user_forms(self): 'first_name': 'User', 'last_name': 'Name', 'email': 'user@user.user', - 'password1': 'password', - 'password2': 'password' + 'password1': 'd47o8dD&#hu3ulu3', + 'password2': 'd47o8dD&#hu3ulu3' } page = self.c.post('/users/add/', params) diff --git a/static/babybuddy/css/app.css b/static/babybuddy/css/app.css index 5dfbe8e77..f524f8e7a 100644 --- a/static/babybuddy/css/app.css +++ b/static/babybuddy/css/app.css @@ -10526,6 +10526,12 @@ h3 { z-index: 1030; } +.help-block ul { + padding-left: 1rem; + padding-bottom: 0; + margin-bottom: 0; +} + @media (min-width: 768px) { .submit-primary { display: inline-block; 
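Review bot: The change to `test_user_forms` in `babybuddy/tests/tests_forms.py` only swaps in a password that passes the new validators, so nothing asserts that a weak one is now rejected. If `AUTH_PASSWORD_VALIDATORS` were later removed or overridden in another settings module, the suite would still pass. I would add a negative case that posts the old value `'password'` to `/users/add/` and asserts that the form reports an error and no user is created. The body of `test_user_forms` continues outside this hunk, so the exact assertions should follow whatever pattern the rest of the test already uses.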
diff --git a/static/babybuddy/css/app.css.gz b/static/babybuddy/css/app.css.gz index 398f95f13ca109a8953a2a3960c2ef4e7a1e261a..248b73971b6191d290842c7c8a104985d83ca122 100644 GIT binary patch delta 2045 zcmVB+E_Ipn|syZ=44K4Pu7a*c|KQd^fl2D*(!!tT1_uJoijJwqN_>3 za}GP3Y18Q>WnHZ!Jit=#Ogk3$*}yD|DWMsCo509fK(xM-nBGjVG=dJLb5C3dV-h2b zNtiGuHxb69e~&Q4Ga5>;ovTVkNts#_7D53Z9a~{UfXJ+y93#|S9YX6`b!8}&1#o{# zHwP1)gGna`1IdEim})rOJkT&Q0u4}{mcP`-+zEBU;Nj4tx~aBJ2DG!;)NQAQo+*C! z2=M);Y;DXZmSNr^=j1mfo$RYhM>-19DOxVm;Ziw*e-DktoWBXH`e(JIKBAc2RdFAX z?^1k=eTYFaSmM*=Zd3+!SNHLEVXG4xoybjG-TWU(dt%a_1k(mOF-Ie7pr^#8@3ek~ zowIMqAuDo_iX9!sf9wy3sss)-1>~nty-$jcx}5`?NsY}}t8BUj z4=O1Kf90UbX2buP;n;u#;?;&E_pn{V%i z!?(ELTk(BZ?N9&HJe!Zx*VyZZso>X4tly{opXsw}HA*&lF7^-$g2 zKe!M*@7L>0AuN!P4;_FmI1kwA1VWwKbJfA=@zay6vXraDfeKK;X{Ll`l6YsNY2a@^ zf4_SByTKnf?S5MgHfT(H9Q^dZ{?CK@h-Mi(dLU(sE&p-5M{^hC*be?TG_>u1`K20? z2`K87Pj!J<-WB^T*}GP+2QT~cV28THpgs);zk7=*{AG`KQJyyW35`EZL(j_%Hudg= zRQw+Xf8GrcdZhUO%TGylB#g3h6^^72fAZr1&2riUeyC4K5zlDejJ^@%T<4EuI}+7% zRQuJ(`h@pyA`ADaE~?~!X3$MS4xBxXsL~snYv}G9A>%jHvI~8D6WTa$MB}_c1>W5A zE`#{~xj<&)_#f{{SmlE_nm}Lw?)}|>e7O6dj=jFF1vRcy6OIRRvT;{^qCSyxf97Hx z)KdcZe2|6A^N4R`g?%uj5&J`4kaLQ|#XH=NA0qbtE`QeLv-Go$s^?o0(sDSOn2Trh{#uJu;*JfE#Uadah5{@em6P zluJGCNh^u4{C-z&X!8j(gt`zfNj#vx6-mWBAoJr?zf{D?bafoq6|BSBDgnlt2-D(!$p zPWn9RpZ{MUce9f)5Cm}iRk#@wF@7Ap8{a^U=caCzSi!WAs3(;|K@>l@e}E?sh9im5 z08gc_;B0I0k1!lGX~J)J+3gI|Ep#=vmjtc^U)ed45c4EmcTzWPg%O>^f}j%l$)U8Lm=aKy-`yT5X zTPwN0e`~9o%gGy?>|x61f9m{wpRd=eEvMe>OBh`_kv1_txGMP6G-4NXX z9U9-1jmD~ERj^Yj<1`czML?e8hiX?fsv49m*x9kB>Qr?oyDh1qm?$QaM5LhxQ3EJ2 zo+J--giX38T=?%-J4Clcw?IkZtf>}Ni%LH4HFQUG2UIz;H~%zte@}K#7U~0R6SaBj zE}HoVs)wmK@r`{zj|LwJ9|4oi0C|HNd?I|Bf%fK-MxRNarv_VejT$o@vJT@jtCZ)< z@9Nv1lmjk$_N*U8MqS9L%QMr_dW(8AJ(^M_aMiB*WPMI(@yIuMw-C6#Ngw{FH8Eln zBejW{A5^i8G20kVbEQtX3Q<&j0979_pQTq}ntP{v=ZNi>U<&1e2{rmb`tdLRlRcXG zFn$4yUw9tj;#0$%o|w~RW(Q4WB9%SVN^$(TSEe6#So`APLj bWu$D9VzUxx18pJg%Yn5&4pLjl_9p`Xzx48p delta 2025 zcmVTMjFL$+Mn{`(%sF+bTtsaTb;$z598PVL 
zp#ONsB~gez;g0k$FyGe50S(x{%C;obyCZs4R7d22(%=a6o=!-Sf1NtjMc(je$hI!a zhPul(&~RUtR%OWOhIhWD^YmemjmLP1OYdDMu(5LVM;M^pKPP2%%IoIHC#hoFqS$k! zXHGGf$ha{>QcSXoIR#CJvngxlZ$8!4GqS#I^}j#T8TOF;Ne-JmJJ`9+FX9B!luZw9 zxCE~ok*M0~+*a70f1kHIPw0tZoH18P>8CRm)Nzqep7E}fkYZ&=%XgRyr;unXsg(sy zm}U3qp(td%agTKDRZ*?uNNhBL=Xo5}qw3wOnxU9Yc)p};r@K>{XUyhmK97(ZfvFnJ zRL-BX8JDPRQ$xlrWl@NZ`XT5?c$PZQr>Ue@*`QF!3x-4`e{kF%4|=DKRRgjUSB*qY z=A`yyVV54hbJa#)z#Nf%U3gj4beYpR^O-HWngl$Drn8wg_f1mP)jH<#EKkm~Vcve-#nUG3zGB2z3jF(7IM##tCHs+)UEV!9?d^(#gRN8B zj)HWGmdkXwRL;voV=?D%!m9pREvb(vW_MNG2jsgHf8SysVvr1$_$as=l|kLref(Y6 z>cmDTauZi~>POO^n6xLsw1G~{(a0L;`D^Jrt)F4%>>F|-iky04=Y14q&BS!hJP7{I z1Re4p`@^9sffGmp$s|{Se=+mfSsz5UJrN*%1s(G|wEL&FIv({HnGOM*p&m9l^0(OsG{Ze@_NCR#8WQ+~ zrE!`;-N!&6$t;2H0AXs>R2OzwNTfG$H$UEE;Wjnjh^C>7qm(Z?89B>Z()BiNj=Hqm>7~S2+ zl>Vl!(Ddl;et=Ujb#Qw8^dze+%8nm40w1Uc9FeWf>?mnnvudi!CjqB8e-~(%YfAE$W*AvcT9txnwP@{=|fo^2@X=l1c7#A*QLQjdGmN+K-3-_={1go|aaLHz+4 zpCf&jF!5kD=DK@)K^^AQ)`h4&e;R4_pDNsgu+HNig!&NqXkINK$l|U>q*2j+im0w} zNE0tSA^vfXMZF?F;?7v$8sgzd5LBJ!3^}DrJ7AHMK9Bn6aPV)WTt#T_vbqq1;sd;>MEn>r{-71KhZt^^7NQM_%`l?&sNe}q7Qr;=Cj zOl#ria$G>tgl}d#(>a_@FNeo_2MI_gTT)!AB)O8=Ekkc>x6RF-7jLq~;A-i2r@nI? zNIsg5$k8;I*m211ubF(_xTR_9=B^XkHIMWYuX}9o>~5^hzP2`V>+z0F*D&ROb@jT> z&*yD?E^Gr-wCRw1j9Nxx~RN>l|pF`g+Ijn&9%VCRy?X(%KLf%1+Q zs8!Xe>QFLZmuH%4P&J_JvZRJ0qKHTWk%pQ?O(5UoC3vVUY|*vgf`vzHi0+8)fa1hi zQ*Ej?mHgjp=$_~vsC;R!)M@O2?13!M8`vT0@X-CQ=O3va=jMrLf9%_IH26gL1Q;&{ z$PQ}onecfD+KWpXeIb3BYwU$<)H(A?_R9I0X3DGOr1mwFvcW-5U(BP(@C`D2B+E_Ipn|syZ=44K4Pu7a*c|KQd^fl2D*(!!tT1_uJoijJwqN_>3 za}GP3Y18Q>WnHZ!Jit=#Ogk3$*}yD|DWMsCo509fK(xM-nBGjVG=dJLb5C3dV-h2b zNtiGuHxb69e~&Q4Ga5>;ovTVkNts#_7D53Z9a~{UfXJ+y93#|S9YX6`b!8}&1#o{# zHwP1)gGna`1IdEim})rOJkT&Q0u4}{mcP`-+zEBU;Nj4tx~aBJ2DG!;)NQAQo+*C! 
z2=M);Y;DXZmSNr^=j1mfo$RYhM>-19DOxVm;Ziw*e-DktoWBXH`e(JIKBAc2RdFAX z?^1k=eTYFaSmM*=Zd3+!SNHLEVXG4xoybjG-TWU(dt%a_1k(mOF-Ie7pr^#8@3ek~ zowIMqAuDo_iX9!sf9wy3sss)-1>~nty-$jcx}5`?NsY}}t8BUj z4=O1Kf90UbX2buP;n;u#;?;&E_pn{V%i z!?(ELTk(B3%Zg$)ndR$jlntx>>3^DM^Km*`jPCAxgML$2XySBtKfw7O^3%6>)pk{t zWmP8o0}i$xs=NCK7uNA)y2$cLwk&3&;q!jI&J>meM)JXfr7DVawaiANY&9cTTu3}P zf2OPHXpxVq$!IMGv#UxuvB18qKb4u1My|K~w{M01uMJ>Ig#8ShCJ+8MG*Iq; z`K20?=`8BwPj!L#-xd2U*$G##2QT~ce_)3?*PuQP2furZDg0%R_hg*G-qlL_@O=_wLYU+IQmAA^B#00 zo118_LA76ftWS71D6*HI>Y_>xXg=N~h#pS95zTf%IZjPkotbgf7?3WX%#k;%J7H_qKRw|+nal2{tvTInC9>pnpaZ2g=-(R=P7Vou$gC)T{69x#p0u9?`Y?m?gn+EMMv`5en zlbFnCSf8;zVQoZ+8k94X6BGrBRjb-(YM&?!*w#;t8Zb2=N-~}re^fA3Fa$@WK|_Xy z1f?c|^H41uF*hR4&O8vr&;dgS1i6@8qsB~)nL;F>L5B<-64cw0>xvq7#MlvIRyT0M z(1fS%dp&>5)NxHGiIKg3H1LGM69QeH0S(l^QwC4xK)G(Ep=XSq)r{?gM%BzYW9O{T zG6-KxzV!dUkvQN%e=oNYQpo&*$ozt5W}wxUUovyaOt+VYYE{>aU2}(aHWSkf<1|c+ z-&as8;*pDZREwB=?wK+On-FaFQq9mYxqTc6`wE_tQ`}J~0{}eQ43hu= delta 2083 zcmV+;2;BGj=KTMjFL$+Mn{`(%sF+bTtsaTb;$z598PVL zp#ONsB~gez;g0k$FyGe50S(x{%C;obyCZs4R7d22(%=a6o=!-Sf1NtjMc(je$hI!a zhPul(&~RUtR%OWOhIhWD^YmemjmLP1OYdDMu(5LVM;M^pKPP2%%IoIHC#hoFqS$k! 
zXHGGf$ha{>QcSXoIR#CJvngxlZ$8!4GqS#I^}j#T8TOF;Ne-JmJJ`9+FX9B!luZw9 zxCE~ok*M0~+*a70f1kHIPw0tZoH18P>8CRm)Nzqep7E}fkYZ&=%XgRyr;unXsg(sy zm}U3qp(td%agTKDRZ*?uNNhBL=Xo5}qw3wOnxU9Yc)p};r@K>{XUyhmK97(ZfvFnJ zRL-BX8JDPRQ$xlrWl@NZ`XT5?c$PZQr>Ue@*`QF!3x-4`e{kF%4|=DKRRgjUSB*qY z=A`yyVV54hbJa#)z#Nf%U3gj4beYpR^O-HWngl$Drn8wg_f1mP)jH<#EKkm~Vcve-#nUG3zGB2z3jF(7IM##tCHs+)UEV!9?d^(#gRN8B zj)HWGmdkXwRL;voV=?D%!m9pREvb(vW_MNG2jsgHf8SysVvr1$_$as=l|kLref(Y6 z>cmDTauZi~>POO^n6xLsw1G~{(a0L;`D^Jrt)F4%>>F|-iky04=Y14q&BS!hJP7{I z1Re4p`@^9sffGmp$s|{Se=+mfSsz5UJrN*%1s(G|wEL&FIv({HnGOM*p&m9l^0(OsG{Ze@_NCR#8WQ+~ zrE!`;-N!&6$t;2H0AXs>R2OzwNTfG$H$UEE;Wjnjh^C>7qm(Z?89B_uTqL@u)`8peA!)kx} zpXS+ooX!@byZhdt-_#YFINjY3aB_zH^zB`>T~%dSmC62qBcq4v?*74rbv&6avV4*) zi`i)SykD;~g(ZQJeDGkYiXvStv(YG9%?K735)Y2)YC2lvqiQmmkB6rdh~m_qtBwjS zf3wx7TFl3ze7qbUKRrn?$ySmGQ2{D>%`nj<67P%*4gBrrS8sne_~WMCZ>zxujgXIn zpZ?eXc~BqGoMlJPqHOUva@_9GObEHjgZ~W;l>1+PsfJ`ai~9IeT_FB<#ePe+t<~$n z%ls82|(&uA8oz7gcS2OY^yB-(3G?N=Y`6W+Rs?B%DrsFDMk zk2eW9YxX#zUC8JMMo)MnWc-GX6F!BGYNOU~vH2j5e<;w` zzk7c-ARq2NsKdIi*Fr7rREy(*oN(M#pQyX#oD^9H_LM+AAHN~XKjIr&VfPNH$NrEP zWR)JKrRL(fjq+0cO0?8x+~$ahSgo|>1#1}R5b9SIIn-%oj4 z=R2*!W(F7@aX~bZ?O_{fk8C`7f5444I6c=V?9+&a2Fj%#Ql*tdSbo2&w=};OONxU! z2eMxOUtf2#(>4$UaQszrLzNm-;Ltnj8DNqJl^!A`A72`ap?`Wb!aue>k8Uz@-zP-XYp2 z+6VGExuu3wLn_GxEObD00Myykn}8NOBs(Na?FNpBMm%&s>iHw8qp>)Noj$0?g2#l% zfPS4pcF=++geOx_?^{{)l=O70u^XW?W9E$PjPY3|;j`sS_v&5B1_!-*=8qxsbIAOh zM`mEvmS50Z(6l>Ae`r>9O?J%=-B^uXGi)Vc?8=7#T17mvh)1)CsSj4Mj3<`yG&Xh0 z1&*P5H&DGB&S&KXp5<=oZrNgeGfXRMxzwU}q<0hX@0WjO!{QRKxa4t!>skx5dkS`s zf7+R$`VUb32Pnxatf~f>6=ehHEqyfDh>R1+2k$U^8QfFd8B;k)n