Using the Pwned Passwords API directly¶
If the validator and middleware do not cover your needs, you can also directly check a password against Pwned Passwords.
Given a password, checks it against the Pwned Passwords database and returns a count of the number of times that password occurs in the database.
The password to check must be a Unicode string (the type
stron Python 3,
unicodeon Python 2). Passing a bytes object (
byteson Python 3,
stron Python 2) will raise
pwned-passwords-django needs to communicate with the Pwned Passwords API in order to check passwords. If Pwned Passwords is down or timing out (the default connection timeout is 1 second), this function will not re-try the check or fall back to an alternate mechanism; it will return
None. Whenever this happens, a message of level
logging.WARNINGwill appear in your logs, indicating what type of failure was encountered in talking to the Pwned Passwords API.
Parameters: password (Unicode string) – The password to check. Return type: