JWP Consulting GK

Projectify Development Log #3

Written by Justus Perlwitz on 2024-04-15

Here are some of the things that have happened since last week’s update.

Password policy implemented

The Projectify sign-up page now implements a password policy. Passwords are checked against a number of rules that Django ships with by default.

The rules at the time of writing are as follows:

Your password can’t be too similar to your other personal information.

Passwords are compared to the user’s email. If they are too similar, the password is rejected.

Your password must contain at least 8 characters.

Your password can’t be a commonly used password.

Your password can’t be entirely numeric.

Short passwords, or passwords using only a small variety of symbols can be brute forced easily and do not contain enough entropy. See here for an overview of password length and how much information entropy it contains.

Passwords can’t be set to popularly used passwords, such as qwerty, 12345678, lol123, and so on. While users are ultimately responsible for setting a safe password themselves, the Projectify software should at least make some effort to guide users to choose better passwords. Commonly used passwords are used quite commonly.

I recommend using a reputable password manager to create and manage random passwords. You can set long passwords containing special characters on Projectify without any worries that it will be truncated or rejected. Many websites have frustrating password complexity restrictions that lead users to choosing weak passwords and ultimately worsen their overall security.

Help pages updated

I’ve rewritten most of the help pages to better reflect the current state of the UI. The previous version of the Projectify help was written with an older UI design and hasn’t been updated since then. A lot of UI component labels have changed, and many times the general layout of the UI has changed as well. You can find the help pages here (external link).

Should you have any questions about how to use Projectify, you can always contact us here (external link).

Task create and update improved

The frontend will now ask users to confirm before they navigate away from a task that they have started creating or updating to prevent accidentally discarding changes.

Technical updates

Here are some of the technical changes to Projectify that improve the behind the scenes functionality of the Projectify software:

The WebSocket API now properly validates HTTP origin headers to prevent cross site request forgeries. This was not implemented correctly in the beginning, and a subsequent pull request on GitHub fixed a configuration issue.

A few modules in the frontend and backend have been simplified and refactored for readability. Two model admins in the Django admin pages have been improved for better usability as well.

An OpenAPI schema for the backend API is now created semi-automatically and I have started using it to validate requests made by the frontend.

When viewing different tasks in the frontend, the previously viewed task would briefly be visible due to a bug in the custom WebSocket store implemented in the frontend. This issue was discovered and fixed in a pull request.

Python was updated on Heroku and CircleCI to use Python version 3.11.6.

The size of the ProjectReadUpdateDelete GET response was reduced to improve dashboard load times when viewing a project.