Validate passwords

2021-07-20 21:39:26 +01:00 · 2021-07-20 21:39:26 +01:00 · a3fbea9a69
parent f3a4190ad0
commit a3fbea9a69
3 changed files with 38 additions and 1 deletions
--- a/daemon.py
+++ b/daemon.py
@ -210,6 +210,7 @@ from shares import expireShares
 from categories import setHashtagCategory
 from languages import getActorLanguages
 from languages import setActorLanguages
+from utils import validPassword
 from utils import removeLineEndings
 from utils import getBaseContentFromPost
 from utils import acctDir
@ -1490,6 +1491,22 @@ class PubServer(BaseHTTPRequestHandler):
                return
            self.server.lastLoginTime = int(time.time())
            if register:
+                if not validPassword(loginPassword):
+                    self.server.POSTbusy = False
+                    if callingDomain.endswith('.onion') and onionDomain:
+                        self._redirect_headers('http://' + onionDomain +
+                                               '/login', cookie,
+                                               callingDomain)
+                    elif (callingDomain.endswith('.i2p') and i2pDomain):
+                        self._redirect_headers('http://' + i2pDomain +
+                                               '/login', cookie,
+                                               callingDomain)
+                    else:
+                        self._redirect_headers(httpPrefix + '://' +
+                                               domainFull + '/login',
+                                               cookie, callingDomain)
+                    return
+
                if not registerAccount(baseDir, httpPrefix, domain, port,
                                       loginNickname, loginPassword,
                                       self.server.manualFollowerApproval):
@ -4242,7 +4259,7 @@ class PubServer(BaseHTTPRequestHandler):
                            removeLineEndings(fields['password'])
                        fields['passwordconfirm'] = \
                            removeLineEndings(fields['passwordconfirm'])
-                        if len(fields['password']) > 2 and \
+                        if validPassword(fields['password']) and \
                           fields['password'] == fields['passwordconfirm']:
                            # set password
                            storeBasicCredentials(baseDir, nickname,
--- a/tests.py
+++ b/tests.py
@ -39,6 +39,7 @@ from follow import clearFollowers
 from follow import sendFollowRequestViaServer
 from follow import sendUnfollowRequestViaServer
 from siteactive import siteIsActive
+from utils import validPassword
 from utils import userAgentDomain
 from utils import camelCaseSplit
 from utils import decodedHost
@ -4252,9 +4253,18 @@ def _testGetLinksFromContent():
    assert '>@linked</a>' in content


+def _testValidPassword():
+    print('testValidPassword')
+    assert not validPassword('123')
+    assert not validPassword('')
+    assert not validPassword('Abcdefg1?23456')
+    assert validPassword('Abcdef!g123456')
+
+
 def runAllTests():
    print('Running tests...')
    updateDefaultThemesList(os.getcwd())
+    _testValidPassword()
    _testGetLinksFromContent()
    _testSetActorLanguages()
    _testLimitRepetedWords()
--- a/utils.py
+++ b/utils.py
@ -2614,3 +2614,13 @@ def removeLineEndings(text: str) -> str:
    text = text.replace('\n', '')
    text = text.replace('\r', '')
    return text.strip()
+
+
+def validPassword(password: str) -> bool:
+    """Returns true if the given password is valid
+    """
+    if len(password) < 8:
+        return False
+    if not re.match("^[a-zA-Z0-9!]*$", password):
+        return False
+    return True