Enterprise-grade django password management :key:
Todo
django-secure-passwords is currently available only on Blueshoe’s Python Package Index.
pip3 install django-secure-passwords
Add “django-secure-passwords” to your INSTALLED_APPS:
INSTALLED_APPS = ["...","securepasswords",]
To track login attempts and lock account after a number of unsuccessful attempts use
django-axes package. It can log successful and unsuccessful attempts, saving
this information to the database. The record consists of time of login, IP address, user
agent, username, path to which the login was attempted and the number of failed attempts.
To install this package, run:
pip3 install django-axes
Then, according to the installation guide you need
to add these settings to your settings.py file:
INSTALLED_APPS = ['...',# Axes app can be in any position in the INSTALLED_APPS list.'axes',]
AUTHENTICATION_BACKENDS = [# AxesBackend should be the first backend in the AUTHENTICATION_BACKENDS list.'axes.backends.AxesBackend','...',]
MIDDLEWARE = [# The following is the list of default middleware in new Django projects.'...',# AxesMiddleware should be the last middleware in the MIDDLEWARE list.# It only formats user lockout messages and renders Axes lockout responses# on failed user authentication attempts from login views.# If you do not want Axes to override the authentication response# you can skip installing the middleware and use your own views.'axes.middleware.AxesMiddleware',]
Different configuration variables are available,
those variables can be directly added to the settings.py file.
Recommended: usage of AbstractBaseUser subclass as AUTH_USER_MODEL