Merge branch 'cracklib' of https://github.com/YunoHost/yunohost into cracklib

2024-09-03 20:06:10 +02:00 · 2018-10-31 00:17:52 +00:00 · 2018-10-31 00:17:52 +00:00 · f28df1348d
commit f28df1348d
parent 1ce20259cd 5b8c6f45ec
5 changed files with 15 additions and 6 deletions
--- a/data/actionsmap/yunohost.yml
+++ b/data/actionsmap/yunohost.yml
@ -125,6 +125,7 @@ user:
                        pattern: &pattern_password
                            - !!str ^.{3,}$
                            - "pattern_password"
+                        comment: good_practices_about_user_password
                -q:
                    full: --mailbox-quota
                    help: Mailbox size quota
@ -1449,6 +1450,7 @@ tools:
                        password: ask_new_admin_password
                        pattern: *pattern_password
                        required: True
+                        comment: good_practices_about_admin_password

        ### tools_validatepw()
        validatepw:
@ -1498,6 +1500,7 @@ tools:
                        password: ask_new_admin_password
                        pattern: *pattern_password
                        required: True
+                        comment: good_practices_about_admin_password
                --ignore-dyndns:
                    help: Do not subscribe domain to a DynDNS service
                    action: store_true
--- a/locales/en.json
+++ b/locales/en.json
@ -197,6 +197,8 @@
    "global_settings_setting_example_string": "Example string option",
    "global_settings_unknown_setting_from_settings_file": "Unknown key in settings: '{setting_key:s}', discarding it and save it in /etc/yunohost/unkown_settings.json",
    "global_settings_unknown_type": "Unexpected situation, the setting {setting:s} appears to have the type {unknown_type:s} but it's not a type supported by the system.",
+    "good_practices_about_admin_password": "You are now about to define a new administration password. The password should be at least 8 characters - though it is good practice to use longer password (i.e. a passphrase) and/or to use various kind of characters (uppercase, lowercase, digits and special characters).",
+    "good_practices_about_user_password": "You are now about to define a new user password. The password should be at least 8 characters - though it is good practice to use longer password (i.e. a passphrase) and/or to use various kind of characters (uppercase, lowercase, digits and special characters).",
    "hook_exec_failed": "Script execution failed: {path:s}",
    "hook_exec_not_terminated": "Script execution hasn\u2019t terminated: {path:s}",
    "hook_list_by_invalid": "Invalid property to list hook by",
@ -330,7 +332,7 @@
    "packages_upgrade_critical_later": "Critical packages ({packages:s}) will be upgraded later",
    "packages_upgrade_failed": "Unable to upgrade all of the packages",
    "password_listed": "This password is among the most used password in the world. Please choose something a bit more unique.",
-    "password_too_simple_1": "Password needs to be at least 6 characters long",
+    "password_too_simple_1": "Password needs to be at least 8 characters long",
    "password_too_simple_2": "Password needs to be at least 8 characters long and contains digit, upper and lower characters",
    "password_too_simple_3": "Password needs to be at least 8 characters long and contains digit, upper, lower and special characters",
    "password_too_simple_4": "Password needs to be at least 12 characters long and contains digit, upper, lower and special characters",
--- a/src/yunohost/app.py
+++ b/src/yunohost/app.py
@ -2189,11 +2189,15 @@ def _parse_action_args_in_yunohost_format(args, action_args, auth=None):
                    for domain in domain_list(auth)['domains']:
                        msignals.display("- {}".format(domain))

-                if arg_type == 'user':
+                elif arg_type == 'user':
                    msignals.display(m18n.n('users_available'))
                    for user in user_list(auth)['users'].keys():
                        msignals.display("- {}".format(user))

+                elif arg_type == 'password':
+                    msignals.display(m18n.n('good_practices_about_user_password'))
+
+
                try:
                    input_string = msignals.prompt(ask_string, is_password)
                except NotImplementedError:
--- a/src/yunohost/settings.py
+++ b/src/yunohost/settings.py
@ -36,8 +36,8 @@ DEFAULTS = OrderedDict([
    ("example.enum", {"type": "enum", "default": "a", "choices": ["a", "b", "c"]}),

    # Password Validation
-    # -1 disabled, 0 alert if listed, 1 6-letter, 2 normal, 3 strong, 4 strongest
-    ("security.password.admin.strength", {"type": "int", "default": 2}),
+    # -1 disabled, 0 alert if listed, 1 8-letter, 2 normal, 3 strong, 4 strongest
+    ("security.password.admin.strength", {"type": "int", "default": 1}),
    ("security.password.user.strength", {"type": "int", "default": 1}),
 ])

--- a/src/yunohost/utils/password.py
+++ b/src/yunohost/utils/password.py
@ -63,7 +63,7 @@ class PasswordValidator(object):
            self.validation_strength = int(settings[setting_key])
        except Exception as e:
            # Fallback to default value if we can't fetch settings for some reason
-            self.validation_strength = 2 if profile == 'admin' else 1
+            self.validation_strength = 1

    def validate(self, password):
        """
@ -89,7 +89,7 @@ class PasswordValidator(object):

        logger = logging.getLogger('yunohost.utils.password')

-        status, msg = validation_summary(password)
+        status, msg = self.validation_summary(password)
        if status == "error":
            raise MoulinetteError(1, m18n.n(msg))