From 55d4033c5b62af569482a7e3065e35526a85722a Mon Sep 17 00:00:00 2001
From: Christian Merten
Date: Sat, 18 Mar 2023 15:11:06 +0100
Subject: [PATCH] settings: use stronger hash algorithm bcrypt
---
 jdav_web/jdav_web/settings.py | 10 ++++++++++
 requirements.txt | 9 +++++++++
 2 files changed, 19 insertions(+)
diff --git a/jdav_web/jdav_web/settings.py b/jdav_web/jdav_web/settings.py
index 1ba12ac..514a676 100644
--- a/jdav_web/jdav_web/settings.py
+++ b/jdav_web/jdav_web/settings.py
@@ -245,3 +245,13 @@ JET_CHANGE_FORM_SIBLING_LINKS = False
 GRACE_PERIOD_WAITING_CONFIRMATION = 30
 WAITING_CONFIRMATION_FREQUENCY = 90
+
+# password hash algorithms used
+
+PASSWORD_HASHERS = [
+ 'django.contrib.auth.hashers.BCryptPasswordHasher',
+ 'django.contrib.auth.hashers.PBKDF2PasswordHasher',
+ 'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
+ 'django.contrib.auth.hashers.Argon2PasswordHasher',
+ 'django.contrib.auth.hashers.ScryptPasswordHasher',
+]
diff --git a/requirements.txt b/requirements.txt
index 8ca9742..1afdf87 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,6 +1,7 @@
 amqp==5.0.9
 asgiref==3.4.1
 auditlog3==1.0.1
+bcrypt==4.0.1
 billiard==3.6.4.0
 celery==5.2.3
 certifi==2021.10.8
@@ -9,10 +10,14 @@ click==8.0.3
 click-didyoumean==0.3.0
 click-plugins==1.1.1
 click-repl==0.2.0
+cron-descriptor==1.2.35
 Deprecated==1.2.13
 Django==4.0.1
 django-appconf==1.0.5
+django-celery-beat==2.5.0
 django-celery-email==3.0.0
+django-nested-admin==4.0.2
+django-timezone-field==5.0
 idna==3.3
 kombu==5.2.3
 mysqlclient==2.1.0
@@ -20,11 +25,15 @@ packaging==21.3
 Pillow==9.0.0
 prompt-toolkit==3.0.24
 pyparsing==3.0.6
+python-crontab==2.7.1
+python-dateutil==2.8.2
+python-monkey-business==1.0.0
 pytz==2021.3
 redis==4.1.0
 requests==2.27.1
 six==1.16.0
 sqlparse==0.4.2
+tzdata==2022.7
 urllib3==1.26.8
 vine==5.0.0
 wcwidth==0.2.5
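Review bot: The first entry of `PASSWORD_HASHERS` is `BCryptPasswordHasher`, which hands the raw password to bcrypt, and bcrypt only uses the first 72 bytes of its input, so the tail of a long passphrase adds no strength. Django ships `BCryptSHA256PasswordHasher`, which pre-hashes with SHA-256 to remove that limit; the first entry should be `'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',`. The comment `# password hash algorithms used` could also say that only the first entry hashes new passwords, while the others exist to verify stored hashes, which Django re-hashes with the first entry on the next successful login. `PBKDF2SHA1PasswordHasher` is worth keeping only if such legacy hashes actually exist in the database.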
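Review bot: The first requirements.txt hunk pins `bcrypt==4.0.1`, but the settings change also lists `Argon2PasswordHasher`, and its backing package `argon2-cffi` is not pinned anywhere in this patch. Django loads that library only when the hasher is actually used, so the gap would surface as a runtime error on the first Argon2 hash rather than at startup; either add the pin or drop the hasher from the list. The second and third hunks add packages that look unrelated to password hashing (`django-celery-beat`, `django-nested-admin`, `python-monkey-business` and what appear to be their dependencies), presumably from a `pip freeze`. They would be easier to audit in a separate commit.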