From cf6eaf364d2deb9fb0aa81b25bafed2997ecd21a Mon Sep 17 00:00:00 2001
From: "theo@manjaro" <ayte@tutanota.com>
Date: Tue, 5 Jul 2022 10:45:21 +0200
Subject: [PATCH] Better password assert placement

---
 src/dyndns.py | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/dyndns.py b/src/dyndns.py
index 3db4b7521..02ebe2cca 100644
--- a/src/dyndns.py
+++ b/src/dyndns.py
@@ -88,6 +88,14 @@ def dyndns_subscribe(operation_logger, domain=None, key=None, password=None):
 
     if password is None:
         logger.warning(m18n.n('dyndns_no_recovery_password'))
+    else:
+        from yunohost.utils.password import assert_password_is_strong_enough
+        # Ensure sufficiently complex password
+        if Moulinette.interface.type == "cli" and password==0:
+            password = Moulinette.prompt(
+            m18n.n("ask_password"), is_password=True, confirm=True
+            )
+        assert_password_is_strong_enough("admin", password)
 
     if _guess_current_dyndns_domain() != (None, None):
         raise YunohostValidationError("domain_dyndns_already_subscribed")
@@ -145,13 +153,6 @@ def dyndns_subscribe(operation_logger, domain=None, key=None, password=None):
         b64encoded_key = base64.b64encode(secret.encode()).decode()
         data = {"subdomain": domain}
         if password!=None:
-            from yunohost.utils.password import assert_password_is_strong_enough
-            # Ensure sufficiently complex password
-            if Moulinette.interface.type == "cli" and password==0:
-                password = Moulinette.prompt(
-                m18n.n("ask_password"), is_password=True, confirm=True
-            )
-            assert_password_is_strong_enough("admin", password)
             data["recovery_password"]=hashlib.sha256((domain+":"+password.strip()).encode('utf-8')).hexdigest()
         r = requests.post(
             f"https://{DYNDNS_PROVIDER}/key/{b64encoded_key}?key_algo=hmac-sha512",
@@ -195,17 +196,17 @@ def dyndns_unsubscribe(operation_logger, domain, password=None):
         password -- Password that is used to delete the domain ( defined when subscribing )
     """
 
-    operation_logger.start()
-    
     from yunohost.utils.password import assert_password_is_strong_enough
 
     # Ensure sufficiently complex password
     if Moulinette.interface.type == "cli" and not password:
         password = Moulinette.prompt(
         m18n.n("ask_password"), is_password=True, confirm=True
-    )
+        )
     assert_password_is_strong_enough("admin", password)
 
+    operation_logger.start()
+
     # '165' is the convention identifier for hmac-sha512 algorithm
     # '1234' is idk? doesnt matter, but the old format contained a number here...
     key_file = f"/etc/yunohost/dyndns/K{domain}.+165+1234.key"