Validate passwords

daemon.py

@@ -210,6 +210,7 @@ from shares import expireShares
 from categories import setHashtagCategory
 from languages import getActorLanguages
 from languages import setActorLanguages
+from utils import validPassword
 from utils import removeLineEndings
 from utils import getBaseContentFromPost
 from utils import acctDir
@@ -1490,6 +1491,22 @@ class PubServer(BaseHTTPRequestHandler):
                 return
             self.server.lastLoginTime = int(time.time())
             if register:
+                if not validPassword(loginPassword):
+                    self.server.POSTbusy = False
+                    if callingDomain.endswith('.onion') and onionDomain:
+                        self._redirect_headers('http://' + onionDomain +
+                                               '/login', cookie,
+                                               callingDomain)
+                    elif (callingDomain.endswith('.i2p') and i2pDomain):
+                        self._redirect_headers('http://' + i2pDomain +
+                                               '/login', cookie,
+                                               callingDomain)
+                    else:
+                        self._redirect_headers(httpPrefix + '://' +
+                                               domainFull + '/login',
+                                               cookie, callingDomain)
+                    return
+
                 if not registerAccount(baseDir, httpPrefix, domain, port,
                                        loginNickname, loginPassword,
                                        self.server.manualFollowerApproval):
@@ -4242,7 +4259,7 @@ class PubServer(BaseHTTPRequestHandler):
                             removeLineEndings(fields['password'])
                         fields['passwordconfirm'] = \
                             removeLineEndings(fields['passwordconfirm'])
-                        if len(fields['password']) > 2 and \
+                        if validPassword(fields['password']) and \
                            fields['password'] == fields['passwordconfirm']:
                             # set password
                             storeBasicCredentials(baseDir, nickname,

tests.py

@@ -39,6 +39,7 @@ from follow import clearFollowers
 from follow import sendFollowRequestViaServer
 from follow import sendUnfollowRequestViaServer
 from siteactive import siteIsActive
+from utils import validPassword
 from utils import userAgentDomain
 from utils import camelCaseSplit
 from utils import decodedHost
@@ -4252,9 +4253,18 @@ def _testGetLinksFromContent():
     assert '>@linked</a>' in content
 
 
+def _testValidPassword():
+    print('testValidPassword')
+    assert not validPassword('123')
+    assert not validPassword('')
+    assert not validPassword('Abcdefg1?23456')
+    assert validPassword('Abcdef!g123456')
+
+
 def runAllTests():
     print('Running tests...')
     updateDefaultThemesList(os.getcwd())
+    _testValidPassword()
     _testGetLinksFromContent()
     _testSetActorLanguages()
     _testLimitRepetedWords()

utils.py

@@ -2614,3 +2614,13 @@ def removeLineEndings(text: str) -> str:
     text = text.replace('\n', '')
     text = text.replace('\r', '')
     return text.strip()
+
+
+def validPassword(password: str) -> bool:
+    """Returns true if the given password is valid
+    """
+    if len(password) < 8:
+        return False
+    if not re.match("^[a-zA-Z0-9!]*$", password):
+        return False
+    return True