diff --git a/src/tools.py b/src/tools.py index bb7ded03a..aa344c77c 100644 --- a/src/tools.py +++ b/src/tools.py @@ -71,16 +71,16 @@ def tools_adminpw(new_password, check_strength=True): """ from yunohost.user import _hash_user_password - from yunohost.utils.password import assert_password_is_strong_enough + from yunohost.utils.password import ( + assert_password_is_strong_enough, + assert_password_is_compatible + ) import spwd if check_strength: assert_password_is_strong_enough("admin", new_password) - # UNIX seems to not like password longer than 127 chars ... - # e.g. SSH login gets broken (or even 'su admin' when entering the password) - if len(new_password) >= 127: - raise YunohostValidationError("admin_password_too_long") + assert_password_is_compatible(new_password) new_hash = _hash_user_password(new_password) @@ -226,6 +226,8 @@ def tools_postinstall( raise YunohostValidationError("postinstall_low_rootfsspace") # Check password + assert_password_is_compatible(password) + if not force_password: assert_password_is_strong_enough("admin", password) diff --git a/src/user.py b/src/user.py index 7d023fd83..a9fb442fc 100644 --- a/src/user.py +++ b/src/user.py @@ -143,10 +143,14 @@ def user_create( from yunohost.domain import domain_list, _get_maindomain, _assert_domain_exists from yunohost.hook import hook_callback - from yunohost.utils.password import assert_password_is_strong_enough + from yunohost.utils.password import ( + assert_password_is_strong_enough, + assert_password_is_compatible + ) from yunohost.utils.ldap import _get_ldap_interface - # Ensure sufficiently complex password + # Ensure compatibility and sufficiently complex password + assert_password_is_compatible(password) assert_password_is_strong_enough("user", password) # Validate domain used for email address/xmpp account @@ -365,7 +369,10 @@ def user_update( """ from yunohost.domain import domain_list, _get_maindomain from yunohost.app import app_ssowatconf - from yunohost.utils.password import assert_password_is_strong_enough + from yunohost.utils.password import ( + assert_password_is_strong_enough, + assert_password_is_compatible + ) from yunohost.utils.ldap import _get_ldap_interface from yunohost.hook import hook_callback @@ -414,7 +421,8 @@ def user_update( change_password = Moulinette.prompt( m18n.n("ask_password"), is_password=True, confirm=True ) - # Ensure sufficiently complex password + # Ensure compatibility and sufficiently complex password + assert_password_is_compatible(password) assert_password_is_strong_enough("user", change_password) new_attr_dict["userPassword"] = [_hash_user_password(change_password)] diff --git a/src/utils/password.py b/src/utils/password.py index 5b8372962..a38bc4e23 100644 --- a/src/utils/password.py +++ b/src/utils/password.py @@ -47,7 +47,25 @@ STRENGTH_LEVELS = [ ] +def assert_password_is_compatible(password): + """ + UNIX seems to not like password longer than 127 chars ... + e.g. SSH login gets broken (or even 'su admin' when entering the password) + """ + + if len(password) >= 127: + + # Note that those imports are made here and can't be put + # on top (at least not the moulinette ones) + # because the moulinette needs to be correctly initialized + # as well as modules available in python's path. + from yunohost.utils.error import YunohostValidationError + + raise YunohostValidationError("admin_password_too_long") + + def assert_password_is_strong_enough(profile, password): + PasswordValidator(profile).validate(password)