Here are some things that have happened since last week’s update.
Password policy implemented
The Projectify sign-up page now implements a password policy. Projectify checks passwords using the default Django password validation rules.
The rules at the time of writing are as follows:
Your password can’t be too similar to your other personal information.
The Projectify backend compares a password to the user’s email. If they’re too similar, the backend rejects this password.
Your password must contain at least 8 characters.
Your password can’t be a commonly used password.
Your password can’t be entirely numeric.
Short passwords, or passwords that use only a small variety of symbols, don’t have enough entropy and can be brute-forced. See here for an overview of password length and how much information entropy it contains.
Commonly used passwords, such as qwerty, 12345678, or lol123, are unsafe, and many users pick them. While users are responsible for setting a safe password themselves, the Projectify registration should at least make some effort to guide users toward better passwords.
I recommend using a reputable password manager to create and manage random passwords. You can set long passwords containing non-alphanumeric characters on Projectify without worrying that the server truncates or rejects them. Many websites have frustrating password complexity restrictions that lead users to choose weak passwords and worsen their security.
Help pages updated
The new update rewrites most of the help pages to better reflect the current state of the UI. The previous version of the Projectify help described an older UI design and hadn’t evolved since then. A lot of UI component labels have changed, and many times the general layout of the UI has changed as well. You can find the help pages here (external link).
Should you have any questions about how to use Projectify, you can always contact us here (external link).
Task create and update improved
The frontend now asks users to confirm before they navigate away from a task that they have started creating or updating to prevent discarding changes by accident.
Technical updates
Here are some technical changes to Projectify that improve the behind-the-scenes features of the Projectify app:
The WebSocket API now validates the HTTP Origin header to prevent cross-site request forgery. This wasn’t implemented correctly in the beginning, and a follow-up pull request on GitHub fixed a configuration issue.
The new update simplifies and refactors a few modules in the frontend and backend for better readability. Two model admin pages in the Projectify administration site are now easier to use as well.
An OpenAPI schema for the backend API is now created semi-automatically, and I have started using it to type-check requests made by the frontend.
When viewing different tasks in the frontend, the task viewed before would flash for less than a second. This was due to a bug in the custom WebSocket store implemented in the frontend. A pull request fixed this issue after discovery.
The Projectify backend now uses Python 3.11.6 on Heroku and CircleCI.
The new update reduces the size of the ProjectReadUpdateDelete GET response in this pull request. This improves dashboard load times when viewing a project.
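The WebSocket Origin check mentioned in the technical updates above can be sketched without any framework. This is an added example, not Projectify's own code: the allow-list values, the header format (a list of name/value string pairs) and the function names are assumptions. It compares scheme, host and port exactly and refuses handshakes whose Origin header is missing, duplicated, malformed or "null".

```python
from urllib.parse import urlsplit

# Hypothetical allow-list of frontend origins (assumption, not Projectify's real hosts).
ALLOWED_ORIGINS = {"https://app.example.com", "http://localhost:3000"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(value):
    """Return (scheme, host, port) for a serialized origin, or None if malformed."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port  # ValueError on a non-numeric or out-of-range port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # also covers the opaque origin "null", which has no scheme
    # An Origin value is scheme://host[:port] only: no userinfo, path, query, fragment.
    if parts.username is not None or parts.path or parts.query or parts.fragment:
        return None
    if port is None:
        port = DEFAULT_PORTS[scheme]
    return scheme, parts.hostname.lower(), port


ALLOWED = {normalize_origin(origin) for origin in ALLOWED_ORIGINS}


def origin_allowed(headers):
    """Decide whether a WebSocket handshake may proceed.

    headers: list of (name, value) string pairs from the HTTP upgrade request.
    """
    origins = [value for name, value in headers if name.lower() == "origin"]
    if len(origins) != 1:  # missing or duplicated Origin header: refuse
        return False
    # Compare the parsed tuple exactly; prefix or substring matching would
    # accept hosts such as app.example.com.attacker.test.
    origin = normalize_origin(origins[0])
    return origin is not None and origin in ALLOWED


if __name__ == "__main__":
    # Constructed handshake headers for illustration.
    for sample in ("https://app.example.com", "https://app.example.com.attacker.test", "null"):
        print(sample, origin_allowed([("Origin", sample)]))
```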