[enh] Validate password as configured

2024-09-03 20:06:27 +02:00 · 2018-08-28 21:33:19 +02:00 · 2018-08-28 21:33:19 +02:00 · ab8b040174
commit ab8b040174
parent 6e1e1e10ff
2 changed files with 34 additions and 11 deletions
--- a/helpers.lua
+++ b/helpers.lua
@ -626,6 +626,13 @@ function edit_user()
            then
                -- and the new password against the confirmation field's content
                if args.newpassword == args.confirm then
+                    -- Check password validity
+                    local validatepw = io.popen("python /usr/lib/moulinette/yunohost/utils/password.py '" ..args.newpassword:gsub("'", "'\\''").."' 2>&1  || echo ::ERROR::", 'r')
+                    local validation = validatepw:read()
+                    local validation_error = validatepw:read()
+                    validatepw:close()
+                    if validation_error == nil then
+
                        local dn = conf["ldap_identifier"].."="..user..","..conf["ldap_group"]

                        -- Open the LDAP connection
@ -635,7 +642,11 @@ function edit_user()

                        -- Modify the LDAP information
                        if ldap:modify(dn, {'=', userPassword = password }) then
+                            if validation == nil then
                                flash("win", t("password_changed"))
+                            else
+                                flash("win", t(validation))
+                            end

                            -- Reset the password cache
                            cache:set(user.."-password", args.newpassword, conf["session_timeout"])
@ -643,6 +654,9 @@ function edit_user()
                        else
                            flash("fail", t("password_changed_error"))
                        end
+                    else
+                        flash("fail", t(validation))
+                    end
                else
                    flash("fail", t("password_not_match"))
                end
--- a/portal/locales/en.json
+++ b/portal/locales/en.json
@ -22,6 +22,15 @@
   "password_changed": "Password successfully changed",
   "password_changed_error": "An error occurred on password changing",
   "password_not_match": "New passwords don't match",
+   "password_too_simple_1": "Password needs to be at least 6 characters long",
+   "password_too_simple_2": "Password needs to be at least 8 characters long and contains digit, upper and lower characters",
+   "password_too_simple_3": "Password needs to be at least 8 characters long and contains digit, upper, lower and special characters",
+   "password_too_simple_4": "Password needs to be at least 12 characters long and contains digit, upper, lower and special characters",
+   "password_listed_1": "This password is in a well known list. Please make it unique. Password needs to be at least 6 characters long",
+   "password_listed_2": "This password is in a well known list. Please make it unique. Password needs to be at least 8 characters long and contains digit, upper and lower characters",
+   "password_listed_3": "This password is in a well known list. Please make it unique. Password needs to be at least 8 characters long and contains digit, upper, lower and special characters",
+   "password_listed_4": "This password is in a well known list. Please make it unique. Password needs to be at least 12 characters long and contains digit, upper, lower and special characters",
+   "password_advice": "Password successfully changed. Note: to improve your password make it with at least 8 characters and put digits, upper, lower and special characters",
   "wrong_current_password": "Current password is wrong",
   "invalid_mail": "Invalid mail address",
   "invalid_domain": "Invalid domain in",