Changeset 15286

Timestamp:

9 Jan 2019, 11:47:37 (6 years ago)

Author:

Henrik Bettermann

Message:

Increase password strength. Officers are now required
to set a password which has at least 8 characters, contains
at least one uppercase letter, one lowercase letter and one
digit.

Location:

main/waeup.kofa/trunk

Files:

• CHANGES.txt (modified) (1 diff)
• src/waeup/kofa/authentication.py (modified) (3 diffs)
• src/waeup/kofa/browser/pages.py (modified) (2 diffs)
• src/waeup/kofa/doctests/pages.txt (modified) (2 diffs)
• src/waeup/kofa/interfaces.py (modified) (1 diff)

main/waeup.kofa/trunk/CHANGES.txt

@@ -4 +4 @@
 1.6.1.dev0 (unreleased)
 =======================
+
+* Increase password strength. Officers are now required
+  to set a password which has at least 8 characters, contains
+  at least one uppercase letter, one lowercase letter and one
+  digit.
 
 * Add `AccommodationPaymentsExporter` which can be used by

main/waeup.kofa/trunk/src/waeup/kofa/authentication.py

@@ -20 +20 @@
 import grok
 import time
+import re
+from zope.i18n import translate
 from zope.event import notify
 from zope.component import getUtility, getUtilitiesFor
@@ -43 +45 @@
 from waeup.kofa.utils.batching import BatchProcessor
 from waeup.kofa.permissions import get_all_roles
+from waeup.kofa.interfaces import MessageFactory as _
 
 
@@ -402 +405 @@
     def validate_password(self, pw, pw_repeat):
         errors = []
-        if len(pw) < 3:
-            errors.append('Password must have at least 3 chars.')
+        if len(pw) < 6:
+            errors.append(translate(_('Password must have at least 6 chars.')))
         if pw != pw_repeat:
-            errors.append('Passwords do not match.')
+            errors.append(translate(_('Passwords do not match.')))
+        return errors
+
+    def validate_secured_password(self, pw, pw_repeat):
+        """
+        ^(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9]).{8,}$
+
+        ^              Start anchor
+        (?=.*[A-Z])    Ensure password has one uppercase letters.
+        (?=.*[0-9])    Ensure password has one digit.
+        (?=.*[a-z])    Ensure password has one lowercase letter.
+        .{8,}          Ensure password is of length 8.
+        $              End anchor.
+        """
+        check_pw = re.compile(r"^(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9]).{8,}$").match
+        errors = []
+        if not check_pw(pw):
+            errors.append(translate(_(
+                'Passwords must be at least 8 characters long, '
+                'contain at least one uppercase letter, '
+                'one lowercase letter and one digit.')))
+        if pw != pw_repeat:
+            errors.append(translate(_('Passwords do not match.')))
         return errors
 

main/waeup.kofa/trunk/src/waeup/kofa/browser/pages.py

@@ -859 +859 @@
         if password:
             validator = getUtility(IPasswordValidator)
-            errors = validator.validate_password(password, password_ctl)
+            errors = validator.validate_secured_password(password, password_ctl)
             if errors:
                 self.flash( ' '.join(errors), type='danger')
@@ -903 +903 @@
         if password:
             validator = getUtility(IPasswordValidator)
-            errors = validator.validate_password(password, password_ctl)
+            errors = validator.validate_secured_password(password, password_ctl)
             if errors:
                 self.flash( ' '.join(errors), type='danger')

main/waeup.kofa/trunk/src/waeup/kofa/doctests/pages.txt

@@ -167 +167 @@
   >>> browser.getControl(name="form.name").value = 'bob'
   >>> browser.getControl(name="form.title").value = 'Bob The User'
-  >>> browser.getControl(name="password").value = 'secret'
-  >>> browser.getControl(name="control_password").value = 'secret'
   >>> browser.getControl(name="form.email").value = 'xx@yy.zz'
   >>> browser.getControl(name="form.phone.country").value = ['+234']
   >>> browser.getControl(name="form.phone.area").value = '123'
   >>> browser.getControl(name="form.phone.ext").value = '45678'
+  >>> browser.getControl(name="password").value = 'secret'
+  >>> browser.getControl(name="control_password").value = 'secret'
+  >>> browser.getControl("Add officer").click()
+  >>> print browser.contents
+  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"...
+  ...Passwords must be at least 8 characters long...
+  >>> browser.getControl(name="password").value = 'TOP4secret'
+  >>> browser.getControl(name="control_password").value = 'TOP4secret'
   >>> browser.getControl("Add officer").click()
   >>> print browser.contents
@@ -205 +211 @@
   >>> browser.getControl(name="form.name").value = 'bob'
   >>> browser.getControl(name="form.title").value = 'Bob The User'
-  >>> browser.getControl(name="password").value = 'secret'
-  >>> browser.getControl(name="control_password").value = 'secret'
+  >>> browser.getControl(name="password").value = 'TOP4secret'
+  >>> browser.getControl(name="control_password").value = 'TOP4secret'
   >>> browser.getControl(name="form.email").value = 'xx@yy.zz'
   >>> browser.getControl(name="form.phone.country").value = ['+234']

main/waeup.kofa/trunk/src/waeup/kofa/interfaces.py

@@ -649 +649 @@
         """
 
+    def validate_secured_password(self, pw, pw_repeat):
+        """ Validates a password by comparing it with
+        control password and checks password strength by
+        matching with the regular expression:
+
+        ^(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9]).{8,}$
+
+        ^              Start anchor
+        (?=.*[A-Z])    Ensure password has one uppercase letters.
+        (?=.*[0-9])    Ensure password has one digit.
+        (?=.*[a-z])    Ensure password has one lowercase letter.
+        .{8,}          Ensure password is of length 8.
+        $              End anchor.
+        """
+
 
 class IUsersContainer(IKofaObject):