From 73760c4a7da7b28fa56c748f35b4b3d43c5f88d8 Mon Sep 17 00:00:00 2001
From: Julien Malik
Date: Thu, 3 Mar 2016 18:50:10 +0100
Subject: [PATCH] [enh] implement password checks with cracklib to detect too weak passwords

---
 src/yunohost/user.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/yunohost/user.py b/src/yunohost/user.py
index ec7dd539c..8e2bf4d63 100644
--- a/src/yunohost/user.py
+++ b/src/yunohost/user.py
@@ -32,12 +32,18 @@ import errno
 import subprocess
 import math
 import re
+import cracklib

 from moulinette.core import MoulinetteError
 from moulinette.utils.log import getActionLogger

 logger = getActionLogger('yunohost.user')

+def _check_password(password):
+    try:
+        cracklib.VeryFascistCheck(password)
+    except ValueError as e:
+        raise MoulinetteError(errno.EINVAL, m18n.n('password_too_weak') + " : " + str(e) )

 def user_list(auth, fields=None, filter=None, limit=None, offset=None):
     """
@@ -110,6 +116,9 @@ def user_create(auth, username, firstname, lastname, mail, password,
     from yunohost.hook import hook_callback
     from yunohost.app import app_ssowatconf

+    # Ensure sufficiently complex password
+    _check_password(password)
+
     # Validate uniqueness of username and mail in LDAP
     auth.validate_uniqueness({
         'uid' : username,
@@ -291,6 +300,9 @@ def user_update(auth, username, firstname=None, lastname=None, mail=None,
         new_attr_dict['cn'] = new_attr_dict['displayName'] = firstname + ' ' + lastname

     if change_password:
+        # Ensure sufficiently complex password
+        _check_password(change_password)
+
         char_set = string.ascii_uppercase + string.digits
         salt = ''.join(random.sample(char_set,8))
         salt = '$1$' + salt + '$'
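Review bot: `_check_password` depends on two things the diffstat ("1 file changed") shows are not delivered with it: the module-level `import cracklib` makes python-cracklib a hard runtime dependency, so a missing package breaks every action in this module rather than just the check, and `m18n.n('password_too_weak')` names a locale key that no locale file in this commit defines, so the error will render as the bare key until translations are added. `m18n` is also not imported anywhere in the hunk; if the module relies on moulinette injecting it globally that is fine, otherwise an explicit import is needed. The helper should carry a docstring, e.g. `"""Raise MoulinetteError(EINVAL) when cracklib's VeryFascistCheck rejects *password*; cracklib's reason is appended to the message."""`, and `str(e) )` has a stray space before the closing parenthesis. The same helper is invoked from user_create and user_update in the second and third hunks, so both paths share these concerns.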
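Review bot: The new check runs before the salt is generated, which is the right place, but the untouched context lines immediately after it still draw the salt with `random.sample`, the non-cryptographic Mersenne Twister generator, and prefix it with `$1$` (MD5-crypt). That is pre-existing rather than introduced by this commit, yet a change about password strength is the natural moment to switch the salt source to `random.SystemRandom().sample(char_set, 8)` and to consider a stronger crypt scheme than `$1$` where the directory server accepts it. user_update's body continues outside the hunk.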