Re: FK Autocomplete Widget [GSoC '09 Admin UI Improvements]

2010-06-02 Thread Thomas Schreiber
+1 for JqueryUI, it has come a long way in the last year, and it now has a
nice system for subclassing widgets with the widget factory.
http://bililite.com/blog/extending-jquery-ui-widgets/

-Thomas

On Wed, Jun 2, 2010 at 18:45, Jannis Leidel wrote:

> > To me that would be a nice feature addition.  It does, however, bring
> > into question the fact that a widget, intending to be used on the
> > public side, would depend on jQuery for its UI.  Is Django ready to go
> > there?  Or would an admin-only autocomplete widget be preferred?
>
> The jQuery based ForeignKey widget was part of the adminui refactor and
> only for this use case discussed. It did have a bunch of side effects that
> prevented a timely merge before the 1.2 feature freeze, but we should now
> restart the efforts in my opinion.
>
> > Also, at the time, many of the jQuery autocomplete widgets were in a
> > state of flux or had some warts.  Our (Jannis and my) idea at the time
> > was to write our own from scratch, custom and optimized for Django.
> > That looks to be about a year ago so the state of things is probably
> > much different today.  (Or not?)
>
> At the time we hadn't a good (or 'stable') autocompletion plugin that would
> fit our needs. Now that the autocomplete feature is part of jQuery UI, maybe
> we should review it again and see if it'd help us. In any case, there is of
> course the issue of an admin ManyToMany widget that should be dealt with at
> the same time.
>
> Jannis
>
> > On Wed, Jun 2, 2010 at 7:13 AM, Sergej dergatsjev eecho wrote:
> >> Current Admin Extensions
> >>
> >> ForeignKeyAutocompleteAdmin - ForeignKeyAutocompleteAdmin will enable
> >> the admin app to show ForeignKey fields with a search input field.
> >> The search field is rendered by the ForeignKeySearchInput form widget
> >> and uses jQuery to do configurable autocompletion.
> >>
> >> http://code.google.com/p/django-command-extensions/
> >>
> >>
> >> 2010/6/2 bydesign:
> >>> I second the vote to add the GSoC '09 Admin UI foreign key
> >>> autocomplete! It's actually somewhat embarrassing that this
> >>> functionality hasn't made it in yet. Foreign keys in the admin
> >>> interface become unusable if you have more than 50 or so rows in the
> >>> table. I hope that since this code has already been written and
> >>> tested, it can be included very soon!
> >>>
> >>>
> >>> On Jun 1, 9:30 am, Russell Keith-Magee wrote:
> >>>> On Thu, May 27, 2010 at 8:26 PM, Philipp Metzler wrote:
> >>>>> hello,
> >>>>>
> >>>>> I'm looking for exactly the same solution for an "Ajax foreign key
> >>>>> filter in the Django admin interface" and hoped it would be integrated
> >>>>> into the admin interface. I think it should be standard behaviour and
> >>>>> could be configurable in the admin.py. Is the development of the admin
> >>>>> interface going in that direction or is it not planned at all?
> >>>>
> >>>> We're at the start of a development cycle, so the plans for the next
> >>>> release haven't been finalised yet (beyond the broad guideline that it
> >>>> will be a feature-light, bugfix heavy release). If this is an area
> >>>> where you would like to see improvements, feel free to make a specific
> >>>> proposal (preferably one accompanied by sample code :-)
> >>>>
> >>>> Yours,
> >>>> Russ Magee %-)
> >>>
> >>> --
> >>> You received this message because you are subscribed to the Google
> Groups "Django developers" group.
> >>> To post to this group, send email to
> django-develop...@googlegroups.com.
> >>> To unsubscribe from this group, send email to
> django-developers+unsubscr...@googlegroups.com
> .
> >>> For more options, visit this group at
> http://groups.google.com/group/django-developers?hl=en.
> >>>
> > --
> > -Rob

Re: Strong security measures for the Auth Framework

2010-11-26 Thread Thomas Schreiber
I agree that instructions should be clearer on the importance of
adding password strength rules. We can all agree there is no
one-size-fits-all solution to password strength, but a standard default
would be helpful for production.

I recently attempted to use the cracklib module on webfaction but it
caused errors on import, so I settled on using a regex. Adding
cracklib as an external dependency may be one of the biggest concerns
here.

>>> import cracklib
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/username/.virtualenvs/env/lib/python2.5/site-packages/cracklib.py", line 28, in <module>
    from _cracklib import FascistCheck
ImportError: /home/username/.virtualenvs/env/lib/python2.5/site-packages/_cracklibmodule.so: undefined symbol: GetDefaultCracklibDict


    password1 = forms.RegexField(regex=r'[a-za-z...@#$%^&+=]{8,}',
        max_length=50,
        widget=forms.TextInput(attrs=attrs_dict),
        help_text='Password must be at least 8 characters.',
        required=True,
        label=_("Password"),
        error_messages={'invalid': "Password must be at least 8 characters, sorry."})

Tom

On Fri, Nov 26, 2010 at 12:57, Serge Spaolonzi (Cobalys.com) wrote:
> Hi,
> I have been working with Django for two years, in order to fit my
> systems requirements I have changed some parts of the Django code. One
> of them is the Authorization Framework; I have added the next features:
>
> -Password Strength Validation with cracklib.
> -Maximum Login attempts.
>
> I want to ask for those features and merge my code with the official
> Django code.
>
> This is my code for the password strength validation:
>
> Line 156 from Method clean_new_password2(self) from /django/contrib/auth/forms.py:
>
>    def clean_new_password2(self):
>        password1 = self.cleaned_data.get('new_password1')
>        password2 = self.cleaned_data.get('new_password2')
>        if password1 and password2:
>            import crack
>            # Increase the number of credits required from the default of 8 if you want.
>            crack.min_length = 8
>            try:
>                crack.VeryFascistCheck(password1)
>            except ValueError, message:
>                raise forms.ValidationError("Weak Password, %s." % str(message))
>
>            if password1 != password2:
>                raise forms.ValidationError("Passwords do not match. Please try again.")
>        return password2
>
>
> Original Method:
>
>    def clean_new_password2(self):
>        password1 = self.cleaned_data.get('new_password1')
>        password2 = self.cleaned_data.get('new_password2')
>        if password1 and password2:
>            if password1 != password2:
>                raise forms.ValidationError(_("The two password fields didn't match."))
>        return password2
>
>
> -The code I have published includes the import statement inside the
> method; I did that only to avoid posting the entire file here. The code I
> have is cleaner.
> -It requires cracklib and python-cracklib
>
>
> I have more code to publish but I want to start with this.
> Opinions?
>
> Thanks
>

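Added example (not code from either message in this thread): one way to keep a password-strength check working when the cracklib binding fails to import, as in the traceback above. The function names, the rule set and the `COMMON_PASSWORDS` list are assumptions made for illustration; `VeryFascistCheck` is looked up defensively because its presence depends on the installed binding.

```python
import importlib
import re

MIN_LENGTH = 8  # same minimum as both snippets in the thread
# Constructed sample list; a deployment would load a much larger dictionary.
COMMON_PASSWORDS = frozenset(["password", "12345678", "qwertyuiop", "letmein1"])
CHAR_CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def load_cracklib_check():
    """Return the binding's VeryFascistCheck, or None when it is unusable.

    A broken C extension surfaces as ImportError (as in the traceback above),
    so the caller can fall back to the built-in rules instead of failing.
    """
    for name in ("cracklib", "crack"):  # module names mentioned in the thread
        try:
            module = importlib.import_module(name)
        except ImportError:
            continue
        check = getattr(module, "VeryFascistCheck", None)
        if callable(check):
            return check
    return None


def password_problems(password, dictionary_check=None):
    """Return a list of problems; an empty list means the password is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    if sum(1 for c in CHAR_CLASSES if re.search(c, password)) < 2:
        problems.append("uses only one kind of character")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("is a commonly used password")
    # Only consult the optional dictionary check once the cheap rules pass.
    if dictionary_check is not None and not problems:
        try:
            dictionary_check(password)
        except ValueError as exc:  # the thread's snippet catches ValueError
            problems.append(str(exc))
    return problems


if __name__ == "__main__":
    checker = load_cracklib_check()  # None on hosts without a working binding
    for candidate in ("abc", "password", "Tr0ub4dor&3x"):
        print(candidate, password_problems(candidate, checker))
```

In a form's `clean_new_password2`, a non-empty result would be turned into a `forms.ValidationError`, so the same validation path runs with or without cracklib installed.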


Re: Strong security measures for the Auth Framework

2010-11-26 Thread Thomas Schreiber
Also see this comment:
http://code.google.com/p/django-registration/issues/detail?id=14

On Fri, Nov 26, 2010 at 20:18, Thomas Schreiber wrote:
> I agree that instructions should be clearer on the importance of
> adding password strength rules. We can all agree there is no
> one-size-fits-all solution to password strength, but a standard default
> would be helpful for production.
>
> I recently attempted to use the cracklib module on webfaction but it
> caused errors on import, so I settled on using a regex. Adding
> cracklib as an external dependency may be one of the biggest concerns
> here.
>
> >>> import cracklib
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
>   File "/home/username/.virtualenvs/env/lib/python2.5/site-packages/cracklib.py", line 28, in <module>
>     from _cracklib import FascistCheck
> ImportError: /home/username/.virtualenvs/env/lib/python2.5/site-packages/_cracklibmodule.so: undefined symbol: GetDefaultCracklibDict
>
>
>    password1 = forms.RegexField(regex=r'[a-za-z...@#$%^&+=]{8,}',
>        max_length=50,
>        widget=forms.TextInput(attrs=attrs_dict),
>        help_text='Password must be at least 8 characters.',
>        required=True,
>        label=_("Password"),
>        error_messages={'invalid': "Password must be at least 8 characters, sorry."})
>
> Tom
>
> On Fri, Nov 26, 2010 at 12:57, Serge Spaolonzi (Cobalys.com) wrote:
>> Hi,
>> I have been working with Django for two years, in order to fit my
>> systems requirements I have changed some parts of the Django code. One
>> of them is the Authorization Framework; I have added the next features:
>>
>> -Password Strength Validation with cracklib.
>> -Maximum Login attempts.
>>
>> I want to ask for those features and merge my code with the official
>> Django code.
>>
>> This is my code for the password strength validation:
>>
>> Line 156 from Method clean_new_password2(self) from /django/contrib/auth/forms.py:
>>
>>    def clean_new_password2(self):
>>        password1 = self.cleaned_data.get('new_password1')
>>        password2 = self.cleaned_data.get('new_password2')
>>        if password1 and password2:
>>            import crack
>>            # Increase the number of credits required from the default of 8 if you want.
>>            crack.min_length = 8
>>            try:
>>                crack.VeryFascistCheck(password1)
>>            except ValueError, message:
>>                raise forms.ValidationError("Weak Password, %s." % str(message))
>>
>>            if password1 != password2:
>>                raise forms.ValidationError("Passwords do not match. Please try again.")
>>        return password2
>>
>>
>> Original Method:
>>
>>    def clean_new_password2(self):
>>        password1 = self.cleaned_data.get('new_password1')
>>        password2 = self.cleaned_data.get('new_password2')
>>        if password1 and password2:
>>            if password1 != password2:
>>                raise forms.ValidationError(_("The two password fields didn't match."))
>>        return password2
>>
>>
>> -The code I have published includes the import statement inside the
>> method; I did that only to avoid posting the entire file here. The code I
>> have is cleaner.
>> -It requires cracklib and python-cracklib
>>
>>
>> I have more code to publish but I want to start with this.
>> Opinions?
>>
>> Thanks
>>