[bug 864876] Remove password blacklisting code.

apps/users/forms.py

@@ -17,7 +17,7 @@ from sumo.widgets import ImageWidget
 from upload.forms import clean_image_extension
 from upload.utils import check_file_size, FileTooLargeError
 from users.models import Profile
-from users.passwords import password_allowed, username_allowed
+from users.passwords import username_allowed
 from users.widgets import FacebookURLWidget, TwitterURLWidget
 
 
@@ -353,11 +353,6 @@ class PasswordResetForm(DjangoPasswordResetForm):
 
 def _check_password(password):
     if password:  # Oddly, empty password validation happens after this.
-        if not password_allowed(password):
-            msg = _('The password entered is known to be commonly used and '
-                    'is not allowed.')
-            raise forms.ValidationError(msg)
-
         if not password_re.search(password):
             msg = _('At least one number and one English letter are required '
                     'in the password.')

apps/users/passwords.py

@@ -4,7 +4,6 @@ from django.core.cache import cache
 from django.conf import settings
 
 
-PASSWORD_CACHE_KEY = 'password-blacklist'
 USERNAME_CACHE_KEY = 'username-blacklist'
 
 
@@ -26,12 +25,3 @@ def username_allowed(username):
         usernames.add(u)
     # Do any match the bad words?
     return not usernames.intersection(blacklist)
-
-
-def password_allowed(password):
-    blacklist = cache.get(PASSWORD_CACHE_KEY)
-    if blacklist is None:
-        f = open(settings.PASSWORD_BLACKLIST, 'r')
-        blacklist = [w.strip() for w in f.readlines()]
-        cache.set(PASSWORD_CACHE_KEY, blacklist)
-    return password not in blacklist

configs/README.txt

@@ -2,9 +2,8 @@
  README
 ========
 
-The `password-blacklist.txt` and `username-blacklist.txt` files are
-here as a courtesy for development. They are not what we use in
-production.
+The `username-blacklist.txt` file here as a courtesy for
+development. It is not what we use in production.
 
 We don't update these files. If you run Kitsune in production,
 you'll want to use your own.

configs/password-blacklist.txt

@@ -1,8 +0,0 @@
-password
-passwrd
-password123
-password12
-password12
-password1234
-firefox
-mozilla

settings.py

@@ -352,7 +352,6 @@ PASSWORD_HASHERS = (
     'users.hashers.SHA256PasswordHasher',
 )
 
-PASSWORD_BLACKLIST = path('configs/password-blacklist.txt')
 USERNAME_BLACKLIST = path('configs/username-blacklist.txt')
 
 ROOT_URLCONF = '%s.urls' % ROOT_PACKAGE