YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Better password assert placement

Browse source
This commit is contained in:
theo@manjaro 2022-07-05 10:45:21 +02:00
parent ac60516638
commit cf6eaf364d
1 changed files with 11 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
src/dyndns.py
View file

@ -88,6 +88,14 @@ def dyndns_subscribe(operation_logger, domain=None, key=None, password=None):
if password is None: if password is None:
logger.warning(m18n.n('dyndns_no_recovery_password')) logger.warning(m18n.n('dyndns_no_recovery_password'))
else:
from yunohost.utils.password import assert_password_is_strong_enough
# Ensure sufficiently complex password
if Moulinette.interface.type == "cli" and password==0:
password = Moulinette.prompt(
m18n.n("ask_password"), is_password=True, confirm=True
)
assert_password_is_strong_enough("admin", password)
if _guess_current_dyndns_domain() != (None, None): if _guess_current_dyndns_domain() != (None, None):
raise YunohostValidationError("domain_dyndns_already_subscribed") raise YunohostValidationError("domain_dyndns_already_subscribed")
@ -145,13 +153,6 @@ def dyndns_subscribe(operation_logger, domain=None, key=None, password=None):
b64encoded_key = base64.b64encode(secret.encode()).decode() b64encoded_key = base64.b64encode(secret.encode()).decode()
data = {"subdomain": domain} data = {"subdomain": domain}
if password!=None: if password!=None:
from yunohost.utils.password import assert_password_is_strong_enough
# Ensure sufficiently complex password
if Moulinette.interface.type == "cli" and password==0:
password = Moulinette.prompt(
m18n.n("ask_password"), is_password=True, confirm=True
)
assert_password_is_strong_enough("admin", password)
data["recovery_password"]=hashlib.sha256((domain+":"+password.strip()).encode('utf-8')).hexdigest() data["recovery_password"]=hashlib.sha256((domain+":"+password.strip()).encode('utf-8')).hexdigest()
r = requests.post( r = requests.post(
f"https://{DYNDNS_PROVIDER}/key/{b64encoded_key}?key_algo=hmac-sha512", f"https://{DYNDNS_PROVIDER}/key/{b64encoded_key}?key_algo=hmac-sha512",
@ -195,17 +196,17 @@ def dyndns_unsubscribe(operation_logger, domain, password=None):
password -- Password that is used to delete the domain ( defined when subscribing ) password -- Password that is used to delete the domain ( defined when subscribing )
""" """
operation_logger.start()
from yunohost.utils.password import assert_password_is_strong_enough from yunohost.utils.password import assert_password_is_strong_enough
# Ensure sufficiently complex password # Ensure sufficiently complex password
if Moulinette.interface.type == "cli" and not password: if Moulinette.interface.type == "cli" and not password:
password = Moulinette.prompt( password = Moulinette.prompt(
m18n.n("ask_password"), is_password=True, confirm=True m18n.n("ask_password"), is_password=True, confirm=True
) )
assert_password_is_strong_enough("admin", password) assert_password_is_strong_enough("admin", password)
operation_logger.start()
# '165' is the convention identifier for hmac-sha512 algorithm # '165' is the convention identifier for hmac-sha512 algorithm
# '1234' is idk? doesnt matter, but the old format contained a number here... # '1234' is idk? doesnt matter, but the old format contained a number here...
key_file = f"/etc/yunohost/dyndns/K{domain}.+165+1234.key" key_file = f"/etc/yunohost/dyndns/K{domain}.+165+1234.key"