From a3fbea9a6997d4c2d6c9867071bef2c0cd590e66 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Tue, 20 Jul 2021 21:39:26 +0100
Subject: [PATCH] Validate passwords

---
 daemon.py | 19 ++++++++++++++++++-
 tests.py | 10 ++++++++++
 utils.py | 10 ++++++++++
 3 files changed, 38 insertions(+), 1 deletion(-)

diff --git a/daemon.py b/daemon.py
index b47c983a2..cec24bb9c 100644
--- a/daemon.py
+++ b/daemon.py
@@ -210,6 +210,7 @@ from shares import expireShares
 from categories import setHashtagCategory
 from languages import getActorLanguages
 from languages import setActorLanguages
+from utils import validPassword
 from utils import removeLineEndings
 from utils import getBaseContentFromPost
 from utils import acctDir
@@ -1490,6 +1491,22 @@ class PubServer(BaseHTTPRequestHandler):
 return
 self.server.lastLoginTime = int(time.time())
 if register:
+ if not validPassword(loginPassword):
+ self.server.POSTbusy = False
+ if callingDomain.endswith('.onion') and onionDomain:
+ self._redirect_headers('http://' + onionDomain +
+ '/login', cookie,
+ callingDomain)
+ elif (callingDomain.endswith('.i2p') and i2pDomain):
+ self._redirect_headers('http://' + i2pDomain +
+ '/login', cookie,
+ callingDomain)
+ else:
+ self._redirect_headers(httpPrefix + '://' +
+ domainFull + '/login',
+ cookie, callingDomain)
+ return
+
 if not registerAccount(baseDir, httpPrefix, domain, port, loginNickname, loginPassword, self.server.manualFollowerApproval):
@@ -4242,7 +4259,7 @@ class PubServer(BaseHTTPRequestHandler):
 removeLineEndings(fields['password'])
 fields['passwordconfirm'] = \
 removeLineEndings(fields['passwordconfirm'])
- if len(fields['password']) > 2 and \
+ if validPassword(fields['password']) and \
 fields['password'] == fields['passwordconfirm']:
 # set password
 storeBasicCredentials(baseDir, nickname,
diff --git a/tests.py b/tests.py
index 260d813b2..e44517da4 100644
--- a/tests.py
+++ b/tests.py
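Review bot: The new guard in the register branch bounces a rejected password straight back to `/login` with nothing in the response that tells the user which rule failed, so a policy rejection is indistinguishable from a taken nickname or a transport problem; the three redirect targets are assembled right here, so a marker such as `'/login?error=password'` on each would let the login page explain the rule, provided that page reads a query parameter (not visible in this hunk). The guard does its job before any account state is written, which is the right order and deserves a line saying so: `# reject weak passwords before registerAccount creates anything on disk`. The onion/i2p/clearnet three-way redirect is spelled out in full inside the guard; a small `_redirect_to_login(callingDomain, cookie)` helper would shorten it and any sibling branch that repeats the pattern. The enclosing handler starts before and ends after this hunk.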
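Review bot: In the change-password hunk a failing `validPassword` check simply skips `storeBasicCredentials` and falls through to whatever follows the `if` (outside this hunk), so unless an else-branch exists further down the user gets no signal that the new password was refused; if there is none, the branch should at least log or redirect so a silently ignored change is not mistaken for success. The old `len(fields['password']) > 2` condition shows that accounts created before this commit may hold 3–7 character passwords, and nothing here re-checks them, which is worth stating above the condition: `# validPassword is enforced only on new or changed passwords; existing credentials are not re-validated`. The enclosing method starts before and ends after this hunk.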
@@ -39,6 +39,7 @@ from follow import clearFollowers
 from follow import sendFollowRequestViaServer
 from follow import sendUnfollowRequestViaServer
 from siteactive import siteIsActive
+from utils import validPassword
 from utils import userAgentDomain
 from utils import camelCaseSplit
 from utils import decodedHost
@@ -4252,9 +4253,18 @@ def _testGetLinksFromContent():
 assert '>@linked' in content
+def _testValidPassword():
+ print('testValidPassword')
+ assert not validPassword('123')
+ assert not validPassword('')
+ assert not validPassword('Abcdefg1?23456')
+ assert validPassword('Abcdef!g123456')
+
+
 def runAllTests():
 print('Running tests...')
 updateDefaultThemesList(os.getcwd())
+ _testValidPassword()
 _testGetLinksFromContent()
 _testSetActorLanguages()
 _testLimitRepetedWords()
diff --git a/utils.py b/utils.py
index c8fd8fb77..ea0be45c5 100644
--- a/utils.py
+++ b/utils.py
@@ -2614,3 +2614,13 @@ def removeLineEndings(text: str) -> str:
 text = text.replace('\n', '')
 text = text.replace('\r', '')
 return text.strip()
+
+
+def validPassword(password: str) -> bool:
+ """Returns true if the given password is valid
+ """
+ if len(password) < 8:
+ return False
+ if not re.match("^[a-zA-Z0-9!]*$", password):
+ return False
+ return True
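Review bot: `assert not validPassword('Abcdefg1?23456')` in `_testValidPassword` pins the rejection of `?`, turning the implementation's narrow character class into a tested contract rather than an incidental choice, so widening the set later breaks this test first; the length rule is what the suite should nail down, e.g. `assert not validPassword('Abcdefg')` for the 7-character boundary. There is also no case for line endings: `assert not validPassword('Abcdef!g123456\n')` fails against the current regex, because `$` in `re.match` also matches just before a trailing newline, and would document that fix once made. `_testValidPassword` is complete within the hunk; `runAllTests` continues outside it.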
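Review bot: The character class in `re.match("^[a-zA-Z0-9!]*$", password)` rejects spaces, every symbol except `!` and all non-ASCII letters, so a long passphrase or a manager-generated string with `@#$%` fails while `Abcdef!g123456` passes; composition limits like this shrink the keyspace and steer users toward shorter, guessable passwords, and NIST SP 800-63B §5.1.1.2 asks verifiers to accept all printable ASCII (including space) and Unicode. The same line has a second, quieter bug: `$` matches before a trailing newline, so `'Abcdef!g123456\n'` is accepted. Unless the credential store behind `storeBasicCredentials` (not visible here) cannot hold some delimiter, replace the regex test with `return password.isprintable()`, which keeps the 8-character minimum, rejects line breaks and other control characters, and accepts everything else; `re.fullmatch` alone would fix only the newline case. A generous upper bound such as `if len(password) > 128: return False` is also worth adding ahead of whatever hashing the store performs, so a multi-megabyte POST cannot be turned into CPU time. The docstring should then state the rule: `"""Returns true if the password is at least 8 printable characters with no line breaks"""`.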