Merge pull request #1476 from YunoHost/fix-postinstall-127-password

[fix] Be able to redo postinstall after 128+ chars password

src/tools.py

@@ -71,16 +71,16 @@ def tools_adminpw(new_password, check_strength=True):
 
     """
     from yunohost.user import _hash_user_password
-    from yunohost.utils.password import assert_password_is_strong_enough
+    from yunohost.utils.password import (
+        assert_password_is_strong_enough,
+        assert_password_is_compatible
+    )
     import spwd
 
     if check_strength:
         assert_password_is_strong_enough("admin", new_password)
 
-    # UNIX seems to not like password longer than 127 chars ...
+    assert_password_is_compatible(new_password)
-    # e.g. SSH login gets broken (or even 'su admin' when entering the password)
-    if len(new_password) >= 127:
-        raise YunohostValidationError("admin_password_too_long")
 
     new_hash = _hash_user_password(new_password)
 
@@ -226,6 +226,8 @@ def tools_postinstall(
         raise YunohostValidationError("postinstall_low_rootfsspace")
 
     # Check password
+    assert_password_is_compatible(password)
+
     if not force_password:
         assert_password_is_strong_enough("admin", password)
 

src/user.py

@@ -143,10 +143,14 @@ def user_create(
 
     from yunohost.domain import domain_list, _get_maindomain, _assert_domain_exists
     from yunohost.hook import hook_callback
-    from yunohost.utils.password import assert_password_is_strong_enough
+    from yunohost.utils.password import (
+        assert_password_is_strong_enough,
+        assert_password_is_compatible
+    )
     from yunohost.utils.ldap import _get_ldap_interface
 
-    # Ensure sufficiently complex password
+    # Ensure compatibility and sufficiently complex password
+    assert_password_is_compatible(password)
     assert_password_is_strong_enough("user", password)
 
     # Validate domain used for email address/xmpp account
@@ -365,7 +369,10 @@ def user_update(
     """
     from yunohost.domain import domain_list, _get_maindomain
     from yunohost.app import app_ssowatconf
-    from yunohost.utils.password import assert_password_is_strong_enough
+    from yunohost.utils.password import (
+        assert_password_is_strong_enough,
+        assert_password_is_compatible
+    )
     from yunohost.utils.ldap import _get_ldap_interface
     from yunohost.hook import hook_callback
 
@@ -414,7 +421,8 @@ def user_update(
             change_password = Moulinette.prompt(
                 m18n.n("ask_password"), is_password=True, confirm=True
             )
-        # Ensure sufficiently complex password
+        # Ensure compatibility and sufficiently complex password
+        assert_password_is_compatible(password)
         assert_password_is_strong_enough("user", change_password)
 
         new_attr_dict["userPassword"] = [_hash_user_password(change_password)]

src/utils/password.py

@@ -47,7 +47,25 @@ STRENGTH_LEVELS = [
 ]
 
 
+def assert_password_is_compatible(password):
+    """
+    UNIX seems to not like password longer than 127 chars ...
+    e.g. SSH login gets broken (or even 'su admin' when entering the password)
+    """
+
+    if len(password) >= 127:
+
+        # Note that those imports are made here and can't be put
+        # on top (at least not the moulinette ones)
+        # because the moulinette needs to be correctly initialized
+        # as well as modules available in python's path.
+        from yunohost.utils.error import YunohostValidationError
+
+        raise YunohostValidationError("admin_password_too_long")
+
+
 def assert_password_is_strong_enough(profile, password):
+
     PasswordValidator(profile).validate(password)