Better password assert placement

2024-09-03 20:06:10 +02:00 · 2022-07-05 10:45:21 +02:00 · 2022-07-05 10:45:21 +02:00 · cf6eaf364d
commit cf6eaf364d
parent ac60516638
1 changed files with 11 additions and 10 deletions
--- a/src/dyndns.py
+++ b/src/dyndns.py
@ -88,6 +88,14 @@ def dyndns_subscribe(operation_logger, domain=None, key=None, password=None):

    if password is None:
        logger.warning(m18n.n('dyndns_no_recovery_password'))
+    else:
+        from yunohost.utils.password import assert_password_is_strong_enough
+        # Ensure sufficiently complex password
+        if Moulinette.interface.type == "cli" and password==0:
+            password = Moulinette.prompt(
+            m18n.n("ask_password"), is_password=True, confirm=True
+            )
+        assert_password_is_strong_enough("admin", password)

    if _guess_current_dyndns_domain() != (None, None):
        raise YunohostValidationError("domain_dyndns_already_subscribed")
@ -145,13 +153,6 @@ def dyndns_subscribe(operation_logger, domain=None, key=None, password=None):
        b64encoded_key = base64.b64encode(secret.encode()).decode()
        data = {"subdomain": domain}
        if password!=None:
-            from yunohost.utils.password import assert_password_is_strong_enough
-            # Ensure sufficiently complex password
-            if Moulinette.interface.type == "cli" and password==0:
-                password = Moulinette.prompt(
-                m18n.n("ask_password"), is_password=True, confirm=True
-            )
-            assert_password_is_strong_enough("admin", password)
            data["recovery_password"]=hashlib.sha256((domain+":"+password.strip()).encode('utf-8')).hexdigest()
        r = requests.post(
            f"https://{DYNDNS_PROVIDER}/key/{b64encoded_key}?key_algo=hmac-sha512",
@ -195,17 +196,17 @@ def dyndns_unsubscribe(operation_logger, domain, password=None):
        password -- Password that is used to delete the domain ( defined when subscribing )
    """

-    operation_logger.start()
-    
    from yunohost.utils.password import assert_password_is_strong_enough

    # Ensure sufficiently complex password
    if Moulinette.interface.type == "cli" and not password:
        password = Moulinette.prompt(
        m18n.n("ask_password"), is_password=True, confirm=True
-    )
+        )
    assert_password_is_strong_enough("admin", password)

+    operation_logger.start()
+
    # '165' is the convention identifier for hmac-sha512 algorithm
    # '1234' is idk? doesnt matter, but the old format contained a number here...
    key_file = f"/etc/yunohost/dyndns/K{domain}.+165+1234.key"