From fdca9e1041822ad0840fc98727f90543dca4f986 Mon Sep 17 00:00:00 2001 From: ljf Date: Sat, 16 Jul 2022 01:12:54 +0200 Subject: [PATCH 1/5] [fix] Be able to redo postinstall after 128+ chars password --- src/tools.py | 9 ++++----- src/user.py | 6 ++++-- src/utils/password.py | 18 ++++++++++++++++++ 3 files changed, 26 insertions(+), 7 deletions(-) diff --git a/src/tools.py b/src/tools.py index bb7ded03a..32be88c94 100644 --- a/src/tools.py +++ b/src/tools.py @@ -50,7 +50,7 @@ from yunohost.utils.packages import ( _list_upgradable_apt_packages, ynh_packages_version, ) -from yunohost.utils.error import YunohostError, YunohostValidationError +from yunohost.utils.error import yunohosterror, yunohostvalidationerror from yunohost.log import is_unit_operation, OperationLogger MIGRATIONS_STATE_PATH = "/etc/yunohost/migrations.yaml" @@ -77,10 +77,7 @@ def tools_adminpw(new_password, check_strength=True): if check_strength: assert_password_is_strong_enough("admin", new_password) - # UNIX seems to not like password longer than 127 chars ... - # e.g. SSH login gets broken (or even 'su admin' when entering the password) - if len(new_password) >= 127: - raise YunohostValidationError("admin_password_too_long") + assert_password_is_compatible(new_password) new_hash = _hash_user_password(new_password) @@ -226,6 +223,8 @@ def tools_postinstall( raise YunohostValidationError("postinstall_low_rootfsspace") # Check password + assert_password_is_compatible(password) + if not force_password: assert_password_is_strong_enough("admin", password) diff --git a/src/user.py b/src/user.py index 7d023fd83..4549a1c0f 100644 --- a/src/user.py +++ b/src/user.py @@ -146,7 +146,8 @@ def user_create( from yunohost.utils.password import assert_password_is_strong_enough from yunohost.utils.ldap import _get_ldap_interface - # Ensure sufficiently complex password + # Ensure compatibility and sufficiently complex password + assert_password_is_compatible(password) assert_password_is_strong_enough("user", password) # Validate domain used for email address/xmpp account @@ -414,7 +415,8 @@ def user_update( change_password = Moulinette.prompt( m18n.n("ask_password"), is_password=True, confirm=True ) - # Ensure sufficiently complex password + # Ensure compatibility and sufficiently complex password + assert_password_is_compatible(password) assert_password_is_strong_enough("user", change_password) new_attr_dict["userPassword"] = [_hash_user_password(change_password)] diff --git a/src/utils/password.py b/src/utils/password.py index 5b8372962..a38bc4e23 100644 --- a/src/utils/password.py +++ b/src/utils/password.py @@ -47,7 +47,25 @@ STRENGTH_LEVELS = [ ] +def assert_password_is_compatible(password): + """ + UNIX seems to not like password longer than 127 chars ... + e.g. SSH login gets broken (or even 'su admin' when entering the password) + """ + + if len(password) >= 127: + + # Note that those imports are made here and can't be put + # on top (at least not the moulinette ones) + # because the moulinette needs to be correctly initialized + # as well as modules available in python's path. + from yunohost.utils.error import YunohostValidationError + + raise YunohostValidationError("admin_password_too_long") + + def assert_password_is_strong_enough(profile, password): + PasswordValidator(profile).validate(password) From fdaf9fc0987914769d1557ed8d4d4f74e5255aca Mon Sep 17 00:00:00 2001 From: "ljf (zamentur)" Date: Wed, 3 Aug 2022 14:51:00 +0200 Subject: [PATCH 2/5] [fix] Import assert_password_is_compatible --- src/tools.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/tools.py b/src/tools.py index 32be88c94..1900b3fc9 100644 --- a/src/tools.py +++ b/src/tools.py @@ -71,7 +71,10 @@ def tools_adminpw(new_password, check_strength=True): """ from yunohost.user import _hash_user_password - from yunohost.utils.password import assert_password_is_strong_enough + from yunohost.utils.password import ( + assert_password_is_strong_enough, + assert_password_is_compatible + ) import spwd if check_strength: From f705d81e1786fdea47c2fdd85cc99373b560c57d Mon Sep 17 00:00:00 2001 From: "ljf (zamentur)" Date: Wed, 3 Aug 2022 14:51:19 +0200 Subject: [PATCH 3/5] [fix] Bad importation --- src/tools.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tools.py b/src/tools.py index 1900b3fc9..aa344c77c 100644 --- a/src/tools.py +++ b/src/tools.py @@ -50,7 +50,7 @@ from yunohost.utils.packages import ( _list_upgradable_apt_packages, ynh_packages_version, ) -from yunohost.utils.error import yunohosterror, yunohostvalidationerror +from yunohost.utils.error import YunohostError, YunohostValidationError from yunohost.log import is_unit_operation, OperationLogger MIGRATIONS_STATE_PATH = "/etc/yunohost/migrations.yaml" From 6d8a18e71b43c8560df3cd98e1dbec948fd1f6b9 Mon Sep 17 00:00:00 2001 From: "ljf (zamentur)" Date: Wed, 3 Aug 2022 14:52:17 +0200 Subject: [PATCH 4/5] [fix] Missing import --- src/user.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/user.py b/src/user.py index 4549a1c0f..ca7e525a7 100644 --- a/src/user.py +++ b/src/user.py @@ -143,7 +143,10 @@ def user_create( from yunohost.domain import domain_list, _get_maindomain, _assert_domain_exists from yunohost.hook import hook_callback - from yunohost.utils.password import assert_password_is_strong_enough + from yunohost.utils.password import ( + assert_password_is_strong_enough, + assert_password_is_compatible + ) from yunohost.utils.ldap import _get_ldap_interface # Ensure compatibility and sufficiently complex password From 7c28edd255efdd2647f6f4014716044903ac7d4a Mon Sep 17 00:00:00 2001 From: "ljf (zamentur)" Date: Wed, 3 Aug 2022 14:53:56 +0200 Subject: [PATCH 5/5] [fix] Missing import --- src/user.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/user.py b/src/user.py index ca7e525a7..a9fb442fc 100644 --- a/src/user.py +++ b/src/user.py @@ -369,7 +369,10 @@ def user_update( """ from yunohost.domain import domain_list, _get_maindomain from yunohost.app import app_ssowatconf - from yunohost.utils.password import assert_password_is_strong_enough + from yunohost.utils.password import ( + assert_password_is_strong_enough, + assert_password_is_compatible + ) from yunohost.utils.ldap import _get_ldap_interface from yunohost.hook import hook_callback