Ignore:
Timestamp:
9 Jan 2019, 11:47:37 (6 years ago)
Author:
Henrik Bettermann
Message:

Increase password strength. Officers are now required
to set a password which has at least 8 characters, contains
at least one uppercase letter, one lowercase letter and one
digit.

Location:
main/waeup.kofa/trunk/src/waeup/kofa
Files:
4 edited

Legend:

Unmodified
Added
Removed

  • main/waeup.kofa/trunk/src/waeup/kofa/authentication.py

    r14670 r15286  
    2020import grok
    2121import time
     22import re
     23from zope.i18n import translate
    2224from zope.event import notify
    2325from zope.component import getUtility, getUtilitiesFor
     
    4345from waeup.kofa.utils.batching import BatchProcessor
    4446from waeup.kofa.permissions import get_all_roles
     47from waeup.kofa.interfaces import MessageFactory as _
    4548
    4649
     
    402405    def validate_password(self, pw, pw_repeat):
    403406        errors = []
    404         if len(pw) < 3:
    405             errors.append('Password must have at least 3 chars.')
     407        if len(pw) < 6:
     408            errors.append(translate(_('Password must have at least 6 chars.')))
    406409        if pw != pw_repeat:
    407             errors.append('Passwords do not match.')
     410            errors.append(translate(_('Passwords do not match.')))
     411        return errors
     412
     413    def validate_secured_password(self, pw, pw_repeat):
     414        """
     415        ^(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9]).{8,}$
     416
     417        ^              Start anchor
     418        (?=.*[A-Z])    Ensure password has one uppercase letters.
     419        (?=.*[0-9])    Ensure password has one digit.
     420        (?=.*[a-z])    Ensure password has one lowercase letter.
     421        .{8,}          Ensure password is of length 8.
     422        $              End anchor.
     423        """
     424        check_pw = re.compile(r"^(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9]).{8,}$").match
     425        errors = []
     426        if not check_pw(pw):
     427            errors.append(translate(_(
     428                'Passwords must be at least 8 characters long, '
     429                'contain at least one uppercase letter, '
     430                'one lowercase letter and one digit.')))
     431        if pw != pw_repeat:
     432            errors.append(translate(_('Passwords do not match.')))
    408433        return errors
    409434

  • main/waeup.kofa/trunk/src/waeup/kofa/browser/pages.py

    r15163 r15286  
    859859        if password:
    860860            validator = getUtility(IPasswordValidator)
    861             errors = validator.validate_password(password, password_ctl)
     861            errors = validator.validate_secured_password(password, password_ctl)
    862862            if errors:
    863863                self.flash( ' '.join(errors), type='danger')
     
    903903        if password:
    904904            validator = getUtility(IPasswordValidator)
    905             errors = validator.validate_password(password, password_ctl)
     905            errors = validator.validate_secured_password(password, password_ctl)
    906906            if errors:
    907907                self.flash( ' '.join(errors), type='danger')

  • main/waeup.kofa/trunk/src/waeup/kofa/doctests/pages.txt

    r14648 r15286  
    167167  >>> browser.getControl(name="form.name").value = 'bob'
    168168  >>> browser.getControl(name="form.title").value = 'Bob The User'
    169   >>> browser.getControl(name="password").value = 'secret'
    170   >>> browser.getControl(name="control_password").value = 'secret'
    171169  >>> browser.getControl(name="form.email").value = 'xx@yy.zz'
    172170  >>> browser.getControl(name="form.phone.country").value = ['+234']
    173171  >>> browser.getControl(name="form.phone.area").value = '123'
    174172  >>> browser.getControl(name="form.phone.ext").value = '45678'
     173  >>> browser.getControl(name="password").value = 'secret'
     174  >>> browser.getControl(name="control_password").value = 'secret'
     175  >>> browser.getControl("Add officer").click()
     176  >>> print browser.contents
     177  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"...
     178  ...Passwords must be at least 8 characters long...
     179  >>> browser.getControl(name="password").value = 'TOP4secret'
     180  >>> browser.getControl(name="control_password").value = 'TOP4secret'
    175181  >>> browser.getControl("Add officer").click()
    176182  >>> print browser.contents
     
    205211  >>> browser.getControl(name="form.name").value = 'bob'
    206212  >>> browser.getControl(name="form.title").value = 'Bob The User'
    207   >>> browser.getControl(name="password").value = 'secret'
    208   >>> browser.getControl(name="control_password").value = 'secret'
     213  >>> browser.getControl(name="password").value = 'TOP4secret'
     214  >>> browser.getControl(name="control_password").value = 'TOP4secret'
    209215  >>> browser.getControl(name="form.email").value = 'xx@yy.zz'
    210216  >>> browser.getControl(name="form.phone.country").value = ['+234']

  • main/waeup.kofa/trunk/src/waeup/kofa/interfaces.py

    r15163 r15286  
    649649        """
    650650
     651    def validate_secured_password(self, pw, pw_repeat):
     652        """ Validates a password by comparing it with
     653        control password and checks password strength by
     654        matching with the regular expression:
     655
     656        ^(?=.*[A-Z])(?=.*[a-z])(?=.*[0-9]).{8,}$
     657
     658        ^              Start anchor
     659        (?=.*[A-Z])    Ensure password has one uppercase letters.
     660        (?=.*[0-9])    Ensure password has one digit.
     661        (?=.*[a-z])    Ensure password has one lowercase letter.
     662        .{8,}          Ensure password is of length 8.
     663        $              End anchor.
     664        """
     665
    651666
    652667class IUsersContainer(IKofaObject):
Note: See TracChangeset for help on using the changeset viewer.